01.19.22

Links 19/1/2022: XWayland 22.1 RC1 and OnlyOffice 7.0 Release

Posted in News Roundup at 3:43 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Kubernetes

      • Kubernetes Blog: Securing Admission Controllers

        Admission control is a key part of Kubernetes security, alongside authentication and authorization. Webhook admission controllers are extensively used to help improve the security of Kubernetes clusters in a variety of ways including restricting the privileges of workloads and ensuring that images deployed to the cluster meet the organization’s security requirements.

        However, as with any additional component added to a cluster, security risks can present themselves. A security risk example is if the deployment and management of the admission controller are not handled correctly. To help admission controller users and designers manage these risks appropriately, the security documentation subgroup of SIG Security has spent some time developing a threat model for admission controllers. This threat model looks at likely risks which may arise from the incorrect use of admission controllers, which could allow security policies to be bypassed, or even allow an attacker to get unauthorised access to the cluster.

        From the threat model, we developed a set of security best practices that should be adopted to ensure that cluster operators can get the security benefits of admission controllers whilst avoiding any risks from using them.

    • Audiocasts/Shows

    • Kernel Space

      • Overcoming vulnerabilities with live kernel patching in Red Hat Enterprise Linux 8.5

        IT operations folks strive to not only maximize uptime, but also keep systems patched. These might seem like competing goals, but we’re here to help with Live kernel patching in Red Hat Enterprise Linux (RHEL) and enjoy some improvements with live kernel patching in RHEL 8.5.

        You can use a built-in tool to update the kernel on RHEL systems with no downtime. That tool is live kernel patching (kpatch). Kpatch has been a part of our operating system for some time now (since RHEL 8.1, 7.7). However, with RHEL 8.5 (and the 9.0 Beta), there are some significant enhancements.

      • Gentoo Linux: Building/rebuilding a kernel and Intel CPU microcode in an installation with initramfs | Fitzcarraldo’s Blog

        In a 2014 post I explained how to update the Intel CPU microcode in a Gentoo Linux installation with an initramfs (I use sys-kernel/genkernel to build the kernel in the installation on my Compal NBLB2 laptop, which is running the Testing Branch of Gentoo Linux although the branch is not important). The initscript method (Method 1 in that post) for updating the CPU microcode is no longer valid, and the behaviour of the tool sys-apps/iucode_tool for updating the CPU microcode (Method 2 in that post) has changed, hence this update.

        Although not essential I normally perform the microcode upgrade procedure when I either rebuild or upgrade the Linux kernel, therefore I explain both procedures contiguously here.

        These days the grub-mkconfig command edits the file /boot/grub/grub.cfg to add a line to the GRUB menu entries, to load the CPU microcode at boot, but nevertheless I prefer to follow a slightly different method that works reliably for me.

      • Intel Media Driver 22 Debuts With Alchemist / ATS-M Support, ADL-N – Phoronix

        Intel’s Media Driver 22.1.1 has been released as their first 22.x series open-source GPU video encode/decode software release. This quarterly update introduces new hardware support and a number of feature updates.

        Intel Media Driver 22.1.1 serves as Intel’s Media Driver “2021Q4” release. New hardware support with Intel Media Driver 22.1.1 includes now supporting DG2/Alchemist also referred to as ATS-M (Arctic Sound Mainstream). These forthcoming Intel Arc discrete graphics have GPU-accelerated video decode now working with this driver and video processing functionality. This Intel Media Driver release also adds Alder Lake N (ADL-N) platform support.

      • Linux 5.17 RISC-V Allows Rebooting Without Needing Special Driver, HiFive Unmatched Improvements – Phoronix

        The RISC-V architecture updates for the in-development Linux 5.17 kernel have been successfully submitted.

        This cycle brings continued upstream work on SiFive’s HiFive Unmatched RISC-V development board, which is the best, broadly available RISC-V board so far for enthusiasts, developers, and those just wanting to dabble with this royalty-free CPU architecture.

      • Graphics Stack

        • Khronos and EMVA Issue Call for Participation for New Camera API Working Group – The Khronos Group Inc

          Today, The Khronos® Group, an open consortium of industry-leading companies creating advanced interoperability standards, together with the European Machine Vision Association (EMVA) announces the formation of a new Khronos Working Group to develop an open, royalty-free API standard for controlling camera system runtimes in embedded, mobile, industrial, XR, automotive, and scientific markets. Over 70 companies participated in an EMVA/Khronos-hosted Exploratory Group during 2021 to develop a Scope of Work document that will guide the direction of the API design. Design work is expected to start in February 2022, and any organization is invited to join Khronos to participate.

        • Khronos Establishing A Camera API Working Group – Phoronix

          In recent years The Khronos Group has been expanding a lot and forming a number of new open industry standards around 3D commerce, analytics rendering, and more. The latest is Khronos now establishing a Camera API working group.

        • AMDVLK 2022.Q1.1 Released With Radeon RX 6500 XT Support – Phoronix

          After ending out 2021 with an AMDVLK update to fix poor performance on Wayland, AMD today issued AMDVLK 2022.Q1.1 with their first set of changes for the new year.

          AMDVLK 2022.Q1.1 most notably introduces Navi 24 support, which is the entry-level RDNA2 GPU used by the Radeon RX 6500 XT graphics card launching today. AMDVLK support is ready to go for today’s Radeon RX 6500 series debut for that mainstream GPU offering.

        • VMware’s SVGA Gallium3D Driver Lands OpenGL 4.3 Support In Mesa 22.0 – Phoronix

          VMware has been preparing support for OpenGL 4.3 to be exposed within their VMware virtualization software so that guest VMs can enjoy newer OpenGL support that is accelerated by the host.

          With Linux 5.17 the VMware “VMWGFX” DRM kernel driver has the necessary kernel-side bits for OpenGL 4.3 to be exposed by VMware’s guest virtual machines. Now in Mesa 22.0-devel, the user-space portion for OpenGL 4.3 with VMware’s SVGA Gallium3D driver is now wired up. The remaining portion is updated VMware hypervisor software for exposing the updated virtual device.

        • 20 Intel ARC GPU IDs listed in upcoming Linux Mesa driver update

          We know Intel plans to release desktop and mobile lineups for its first wave of graphics cards, but 20 different device IDs sounds like a tall order. The list likely accounts for engineering samples, low-end variants, models that are not guaranteed to release, and of course the surefire mainstream gaming-tier entries such as the 512 execution unit model that’s rumored to challenge Nvidia’s RTX 3070 family.

          Seeing as Intel didn’t have anything substantial regarding ARC to show at CES 2022, it remains unclear if the graphics cards will still launch in Q1 this year. But Intel is at least sampling GPUs to laptop manufacturers which is a good sign of progress. Graphics cards are complex components to get right though, so it’s likely for the better if Intel decides to pace the launch and get things right on both the hardware and driver levels. Seeing as the company also plans to cater to Linux users, this sounds like a full scale endeavor by Intel to capture as many new users as possible and continue supporting them. Provided it has the supply to satiate demand.

    • XWayland

      • xwayland 22.0.99.901 (aka Xwayland 22.1.0 rc1)
        As per the schedule, I am pleased to announce the first release candidate
        of the standalone Xwayland 22.1.0 release.
        
        Some notable changes since Xwayland 21.1 include:
        
          * DRM lease support
          * Enables sRGB fbconfigs in GLX
          * Requires libxcvt
          * Refactoring of the present code in Xwayland
          * Implements support for touchpad gestures
          * Support for xfixes's ClientDisconnectMode and optional terminate delay
        
        Testing of this release candidate would be greatly appreciated.
        
        Please report any issues at https://gitlab.freedesktop.org/xorg/xserver/-/issues
        
        The second release candidate is scheduled in two weeks from now.
        
      • XWayland 22.1 RC1 Released With DRM Leasing, Other Improvements – Phoronix

        The race is on for delivering XWayland 22.1 in time for the spring Linux distribution releases with at least Fedora Workstation 36 expected to carry this updated package for allowing X11 clients to work atop Wayland compositors.

        Plans were recently drawn up for XWayland 22.1 in February with it having almost been a year since the last major feature release. This is for the standalone XWayland releases yanked out of the X.Org Server in no longer being bound to the xorg-server release cycle or releasing all those additional components.

    • Instructionals/Technical

      • Git Reset Hard – Example Walkthrough

        In this article I will walk through how to do a git reset hard. When working with git on a project with multiple developers there tends to be a lot of changes to the code repository. Branches are created, files are added and changed, and files are staged and committed. With this amount of activity sometimes changes are made to files in the project which do not have the desired result, leading to you needing to revert the changes and roll back to a previous version of the code.

        With Git being a version control system (specifically a distributed VCS), previous versions of files in the project are available. Read on to find out how to undo your changes in git using a git hard reset.

      • Advanced Git Concepts You Should Know
      • How to Manage Linux Processes With htop

        System monitoring allows you to measure the performance of your Linux applications and services. You can measure processes and services using default tools or ones that you install yourself. With these programs, you can optimize performance, spot problems, and identify their source.

        The htop command is an interactive system-monitoring tool for Linux and Unix-like systems. It’s an alternative to the default command-line tool, top, that comes pre-installed on all Linux distributions.

        This article explains how htop is different from the top utility. You’ll see how to install htop on various Linux distributions or build it from the source. And you’ll find out how to move around htop’s interface and perform system monitoring using shortcut keys or your mouse.

      • How to Install Vtiger CRM Open Source Edition on Rocky Linux 8

        vTiger is an enterprise CRM system based on the well-known SugarCRM. Also available in open source edition. And here we learn the steps and commands involved to install Vtiger on Rocky Linux 8 Linux.

        It is a web-based, platform-independent and modular Customer Relationship Management (CRM) software that is particularly characterized by good integration into existing systems and convinces with a clear process orientation. The professional and enterprise versions hosted by vTiger are paid, however, there is a free plan without some limitation, if some want to try out the CRM before going for the paid features. Whereas, if you have the expertise, or a team that can handle the CRM back-end, then go for the self-hosted open-source version of it.

        Vtiger’s open-source edition is 100% free and developers can modify the source code as needed. In order to be able to use the software, the software must be installed either on hardware or on a virtualized machine. Many companies fail at this step because the necessary know-how is not available. If you are of those, here we are with the Vtiger CRM installation tutorial, which certainly helps you.

      • How To Install MariaDB on CentOS 9 Stream – idroot

        In this tutorial, we will show you how to install MariaDB on CentOS 9 Stream. For those of you who didn’t know, MariaDB is a free and open-source database management system and acts as a drop-in replacement for the Oracle MySQL server. MariaDB is a development of MySQL which puts focus on stability and performance and makes it free to users.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MariaDB on CentOS 9 Stream.

      • How To Create and use a Self-Signed SSL Certificate for Apache

        The Transport Layer Security (TLS) and its predecessor SSL (Secure Sockets Layer) are web protocols that are used to wrap normal web traffic in a protected, encrypted wrapper.

        Signing your own SSL certificates is usually done as an easy alternative to certificate authorities for internal communications or non-user facing sites that still need encryption. Here’s how to set one up with Apache.

      • Install Vtiger CRM Open Source Edition on AlmaLinux 8 – Linux Shout

        vTiger is an enterprise CRM system based on the well-known SugarCRM. Also available in open source edition. And here we learn the steps and commands involved to install Vtiger CRM on Almalinux 8 Linux.

        It is a web-based, platform-independent and modular Customer Relationship Management (CRM) software that is particularly characterized by good integration into existing systems and convinces with a clear process orientation. The professional and enterprise versions hosted by vTiger are paid, however, there is a free plan without some limitation, if some want to try out the CRM before going for the paid features. Whereas, if you have the expertise, or a team that can handle the CRM back-end, then go for the self-hosted open-source version of it.

        Vtiger’s open-source edition is 100% free and developers can modify the source code as needed. In order to be able to use the software, the software must be installed either on hardware or on a virtualized machine. Many companies fail at this step because the necessary know-how is not available. If you are of those, here we are with the Vtiger CRM installation tutorial, which certainly helps you.

      • What Are UUIDs and Why Are They Useful? – CloudSavvy IT

        UUIDs are unique values which you can safely use for decentralized identity generation. Collisions are possible but should be so rare they can be discarded from consideration. If you generated one billion UUIDs a second for an entire century, the probability of encountering a duplicate would be around 50% assuming sufficient entropy was available.

        You can use UUIDs to establish identity independently of your database, before an insert occurs. This simplifies application-level code and prevents improperly identified objects from existing in your system. UUIDs also aid data replication by guaranteeing uniqueness irrespective of data store, device, or environment, unlike traditional integer keys that operate at the table level.

        While UUIDs are now ubiquitous in software development, they are not a perfect solution. Newcomers tend to fixate on the possibility of collisions but this should not be your prime consideration, unless your system is so sensitive that uniqueness must be guaranteed.

      • 8 essential Linux file navigation commands for new users | Enable Sysadmin

        The basics are, well, basic. Yet these fundamental commands and skills are critical for day-to-day work on Linux systems. Sometimes new users are overwhelmed by the details of managing Linux from the command line. What they need is a quick overview or reminder to get them going. The fancy options come later.

        To that end, this article gives you eight basic filesystem navigation concepts and commands integral to file management.

      • Manage your passwords in the Linux terminal | Opensource.com

        These days, we all have a few dozen passwords. Fortunately, the bulk of those passwords are probably for websites, and you probably access most websites through your internet browser, and most browsers have a built-in password manager. The most common internet browsers also have a synchronization feature to help you distribute your passwords between the browsers you run across all your devices, so you’re never without your login information when you need it. If that’s not enough for you, there are excellent open source projects like BitWarden that can host your encrypted passwords, ensuring that only you have the key to unlock them. These solutions help make maintaining unique passwords easy, and I use these convenient systems for a selection of passwords. But my main vault of password storage is a lot simpler than any of these methods. I primarily use pass, a classic UNIX-style password management system that uses GnuPG (GPG) for encryption, and the terminal as its primary interface.

    • Wine or Emulation

      • Wine 7.0 Released With New Features | Itsubuntu.com

        Wine 7.0 is now available for download. It is the major release from the Wine developer. If you don’t know what Wine is then Wine is a software for Linux that lets Linux users run Windows-based applications in Linux.

      • Version 7 of WINE is better than ever at running Windows apps where they shouldn’t

        Version 7 of the WINE compatibility tool for running Windows programs on various *nix operating systems is here, bringing notably improved 64-bit support.

        WINE has come a long way. It took 18 years to get to version 1.0 and another nine years to get to version 2, but since version 3 in 2018, it’s averaged roughly one major release per year. The project is now mature, stable, and quite functional. A lot of Windows programs work fine that formerly didn’t. It’s not limited to Linux – it also supports macOS and FreeBSD, and Linux relatives ChromeOS and Android.

        This may in part be due to its corporate backing. The project has had several business sponsors over the decades, including Corel, which invested substantial effort to help port WordPerfect Office, and later Google, which did the same so that the now-cancelled Picasa would work better on Linux.

        These days, its primary sponsor is Codeweavers, which sells a commercial version called CrossOver Office for Linux, macOS and ChromeOS, as well as tools and services to help with porting Windows apps.

    • Games

      • Gaming on Chromebook – Invidious

        Some of the models of Chromebook come with GOOD specs. However, they aren’t utilized properly and let me show you how I run BOTH rise of the tomb raider and rocket league on a chromebook.

      • Action-packed ‘combat-puzzle’ roguelite Red Tether is out now | GamingOnLinux

        It’s actually called —Red—Tether–> but that would look a bit odd in the headline. A new release from indie dev Sleeper Games, it’s a thoroughly unique looking shoot ‘em up with pretty fun looking gameplay.

        With the help of a tether harpoon, you will take down large space fleets using an indirect combat system. Instead of firing off your phasers, you’ll be hoping your harpoon is well placed to help you tear ships apart and throw them around the screen.

      • All Roads Lead to Arch: The Evolution of Linux Distros Used for Gaming Over Time – Boiling Steam

        ProtonDB is mostly used to track games, but there is another way to use it: to track the evolution of Linux distros used by gamers over time. Turns out we have now a great dataset since 2018 of what distributions were used to make reports of ProtonDB, and we can exploit that to observe trends. The usual caveats apply (for the methodology, see at the end of this article for more details): this may not be representative of the Linux Gaming market at large, there are variations month after month so we won’t care about a few percents ups and down, and so on. Enough said, you already know all that. Still, I would argue that people who contribute to ProtonDB are avid and active Linux Gamers, and probably at the forefront of larger trends. You can expect ProtonDB users to feature more tinkerers as well, so seeing Arch over-represented is not surprising. But the point is that the sample is probably consistent over time, and we are interested in how the choice of ProtonDB users is evolving since 2018.

      • Total War: WARHAMMER III gets a short hype-trailer for The Daemon Prince | GamingOnLinux

        Total War: WARHAMMER III is getting real close to the release now, and it’s getting exciting for strategy fans to see the conclusion of this epic. Launching officially on February 17, it will be “available as close to launch day as possible on macOS and Linux”.

        Seems Creative Assembly decided you need to get hyped and remember it’s coming, as they’ve released a short new trailer to show off the rather boringly named (compared with other Warhammer naming that is) Daemon Prince. The trailer may be short but it is pretty great at making me want it now.

      • Humble Choice drops Mac and Linux platforms – NotebookCheck.net News

        Humble Choice has suspended its support for Mac and Linux systems as the company develops a new launcher for its subscription. The launcher will only be available for Windows PCs on February 1. Subscribers on Mac and Linux have until the end of the month to download DRM-free games from the Trove collection that are still supported, as some of these indie games will no longer be available in Mac and Linux versions.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Plasma 5.24 Beta Review Day

          When a new Plasma release enters Beta Phase, there are three weeks of intense testing, bugfixing and polishing.

          During this time we need as many users and developers as possible to help with finding regressions, trying to reproduce incoming reports and generally being on top of as much as possible. The more users, workflows, use cases and hardware the tests are being run on greatly helps to cover a wide variety of the entire software stack.

        • digiKam Recipes 22.01.21 released

          New year, new revision of the digiKam Recipes book. It is a relatively modest update that features two new additions: how to upload photos to a remote machine via SSH directly from digiKam and how to access digiKam remotely via RDP. Oh, and there is a new colorful book cover.

          As always, all digiKam Recipes readers will receive the updated version of the book automatically and free of charge. The digiKam Recipes book is available from Google Play Store and Gumroad.

        • KDE Enjoys Improvement For Much Better NVIDIA Wayland GBM Experience – Phoronix

          A QtWayland module change has landed that should greatly improve the NVIDIA Wayland experience when running the KDE desktop on modern NVIDIA drivers offering GBM API support.

          The change to Qt Wayland is about moving the Wayland socket polling to a separate event thread. In turn this particularly benefits NVIDIA with their latest proprietary 495+ drivers supporting GBM as an alternative to the EGLStreams approach they previously pushed along for the years of supporting Wayland.

      • GNOME Desktop/GTK

        • This Extension Adds Transparent Clock & Date Desktop Widget in Ubuntu 20.04+ | UbuntuHandbook

          Want to display time and date on your Ubuntu Desktop as a widget? Without Conky or any other app, there’s now a Gnome extension that can do the trick by adding a live clock on your wallpaper.

          It’s ‘Showtime’, an extension based on the Budgie Desktop widget. It displays a transparent live digital clock, weekday, as well as date on the background wallpaper. And, it shows date and time in both vertical and horizontal styles.

    • Distributions

      • SUSE/OpenSUSE

        • SUSE Liberty Linux – Securing your Linux future without vendor lock in | SUSE Communities

          Running a mixed Linux environment is common in today’s IT world. That is, competitive businesses run a wide variety of workloads on a wide variety of Linux distributions, including production workloads running on different enterprise Linux distributions.

          In this scenario, you are no doubt getting support, maintenance updates and security patches from not only multiple vendors, but also the open source communities. In addition, it’s possible that you are using multiple management dashboards to keep track of the health of your disparate systems.

          Your mixed Linux environment is quite frankly a nightmare for your administrators. Support contracts with multiple vendors are costly and complicated to maintain. And getting community support takes time away from the innovative work that the business is asking of you.

          The question is: how do you keep your workloads running where they run best and simplify your IT management?

      • IBM/Red Hat/Fedora

        • Running Penpot locally, Docker-free, with Podman!

          Penpot is a new free & open source design tool I have been using a lot lately. It is a tool the Fedora Design Team has picked up (we have a team area on the public https://penpot.app server where we collaborate and share files) and that we have been using for the Fedora website redesign work.

          As I’ve used it over a longer length of time, I’ve noticed some performance issues (particularly around zooming and object selection / movement.) Now, there’s a number of factors on my side that might be causing it. For example, I have ongoing network issues (we spent part of Christmas break rewiring our house and wireless AP setup, which helped a bit, but now it seems my wireless card can’t switch APs if the laptop is moved between floors, lol.) In any case, I knew that Penpot can be run locally using containers, and I wanted to try that to see if it helped with the performance issues I was seeing.

        • Reduce data privacy issues with machine learning models

          As the use of AI becomes increasingly pervasive in business, industries are discovering that they can use machine learning models to make the most of existing data to improve business outcomes. However, machine learning models have a distinct drawback: traditionally, they need huge amounts of data to make accurate forecasts. That data often includes extensive personal and private information, the use of which is governed by modern data privacy guidelines, such as the EU’s General Data Protection Regulation (GDPR). GDPR sets a specific requirement called data minimization, which means that organizations can collect only data that is necessary.

          It’s not only data privacy regulations that need to be considered when using AI in business: Collecting personal data for machine learning analysis also represents a big risk when it comes to security and privacy. According to the Cost of a Data Breach Report for 2021, the average data breach costs over $4 million overall for the enterprise, with an average cost of $180 per each record compromised.

        • 2022-01 CentOS board meeting

          Board members

          Thomas Oulevey
          Tru Huynh
          Brian Exelbierd
          Pat Riehecky
          Davide Cavalca
          Josh Boyer
          Mike McLean
          Johnny Hughes

        • Running Penpot locally, Docker-free, with Podman! – Máirín Duffy

          Penpot is a new free & open source design tool I have been using a lot lately. It is a tool the Fedora Design Team has picked up (we have a team area on the public https://penpot.app server where we collaborate and share files) and that we have been using for the Fedora website redesign work.

        • Red Hat and OS-Climate Data Commons: Helping financial services with data for informed decisions [Ed: IBM Red Hat is greenwashing again]

          Since joining OS-Climate (OS-C), Red Hat has been participating in an initiative to equip financial services institutions with the data they need to make informed decisions. At the 26th UN Climate Change Conference of the Parties (COP26), Red Hat speakers discussed ways financial institutions can more effectively use and share data to address climate change.

          Climate finance was a central talking point among delegates at COP26. How can banks help address these goals of COP26? We’ll share some highlights of our conference presentation in this post.

        • Keeping POWER relevant in the open source world

          I’m not a POWER (or recently: Power) expert, only an enthusiastic user and advocate. Still, in the past couple of weeks a number of people from around the world asked my opinion how the POWER architecture could be kept relevant. This blog is really just an opinion, as I do not have the financial means to go ahead. It is full of compromises some people are not willing to make. However, I think this is the safest and fastest way forward.

          [...]

          IBM treats Power as an enterprise platform, just like mainframes. And as long as they run AIX and IBMi with a couple of proprietary commercial applications, they are right.

        • DevSecOps: 5 tenets to empower your workforce

          The DevSecOps movement promotes a “shift-left” approach where security scans begin at the first commit and continue throughout the pipeline and beyond. Automation is pervasive and threats need to be identified and mitigated early and often. Developers are now tasked to write, build, secure, deploy, and potentially operate their own code.

          Fueled by the two-year pandemic, today’s remote workforce has increased the need for heightened security awareness in all aspects of the business. This is particularly true for those who work in the technology sector. The use of new tools, coupled with decreased control over the remote working environment, adds extra layers of complexity. We need DevSecOps today more than ever.

          While we can solve some of these challenges through active automation, we cannot fully realize the benefits of DevSecOps without internalizing DevSecOps principles. DevSecOps is a way of thinking, of awareness, and certainly of behaving. DevSecOps requires a security mindset from developers, security professionals, site reliability engineers (SREs), and business staff.

        • IT talent strategy: 3 considerations for recruitment and retention in 2022
        • Connect IoT devices with Drogue IoT and OpenShift Streams for Apache Kafka

          Internet of Things (IoT) devices typically produce a lot of data, and Apache Kafka is a great tool for streaming that data. This article introduces Drogue IoT, a set of APIs and management tools that work with Kafka. You’ll learn how to set up a Drogue IoT application using Red Hat OpenShift Streams for Apache Kafka.

        • From monolith to microservices: How applications evolve

          This is the second article in a three-part series about designing a microservices-oriented application (MOA) and how to adopt microservices in your organization. The first part of the series laid out the five basic principles of microservices-oriented application design. Now we’ll talk about implementing microservices.

          To see how you can use microservices in your organization, it’s worth looking at why the architectural style came about and how a monolith tends to evolve into an MOA. You can use this historical understanding as a guide for designing an MOA moving forward. So let’s start by taking a short walk down IT’s Memory Lane.

      • Debian Family

        • How To Install osTicket on Debian 11

          In this tutorial, we will show you how to install osTicket on Debian 11. For those of you who didn’t know, osTicket offers free, open-source ticket management and customer care solutions for businesses of all sizes, especially small and medium-sized businesses. With osTicket, you can manage, organize, and archive your support requests. It integrates customer support requests received by email, web forms, and phone calls into a simple, easy-to-use, multi-user web-based platform.

          This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of osTicket on a Debian 11 (Bullseye).

        • Ayoyimika Ajibade: Nodejs 16 and Webpack 5 transition in Debian

          Transitioning is a concept in Debian about maintaining only one version of a library like webpack, nodejs. There is a bottleneck as other libraries and applications may not support the version we have in Debian. So we have to port that software which For example, node-mini-css-extract-plugin, node-mermaid and so many packages uses webpack. In buster we had webpack4 and in bullseye, we want to update it to webpack5. node-mini-css-extract-plugin already supports webpack5, but others like node-mermaid don’t support it yet. So either we wait or we help those projects to update their webpack version. Check out this chat between my mentor and a community member on transitioning of rails6

        • Caleb Adepitan: Everybody Struggles

          I often get intimidated by the brilliance of others by just looking at them from a distance seeing how radiantly they gleam in their knowledge. I often feel like I’m not doing enough or I’m just meant to be a mediocre and there’s nothing I can do to be more than that. I often feel like everyone except me is a genius, and are impeccable unlike me.

          But maybe I’m just at a point these people had previously been at, and have now gone past. Maybe it’s my time to steer the wheel they once steered, or maybe they aren’t even what they seem to me to be and it’s all just a misrepresentation cooked up by an imperfect mind. Hmm…it has to be that. A “perfect” portrait painted by an imperfect mind which when found out renders every stroke in the portrait imperfect. It has to be that or all.

        • Everyone Struggles

          As a software developer struggling to grasp both basic and advanced knowledge of a concept can seem daunting, much like learning anything new, you can be overwhelmed when you are surrounded and know there is a whole lot of other new concept, tools, process, languages you have to learn that are linked to what you are currently learning, as you are struggling to grasp the fundamental idea of what you are currently learning. Imbued in any struggle to get a solution to the problem is where innovation and inventions lie in, and our learning becomes improved as we dive into fact-finding, getting your hypothesis after a series of tests and ultimately proffering a solution

          Some of my struggles as I intern with Debian has been lack of skill of the shell scripting language as that is one of the core languages to understand so as to navigate your way around maintaining packages for Debian, also funny enough having just an intermediate knowledge of the javascript programming language as arguably having a basic knowledge of javascript is necessary to building and testing javascript packages in Debian as I know only the basic of javascript since my core language is Python, that I struggle with. The good thing is that the more I keep at it the faster the chance of the struggles reducing

      • Canonical/Ubuntu Family

        • Linux Mint Edge Is Ready for the Newest Hardware

          Linux Mint 20.3 is now widely available and ships with kernel 5.4. For anyone that uses the latest-gen hardware, that older kernel could be problematic. So, for those Mint users who do have hardware unsupported by the 5.4 kernel, there’s now an option.

          Linux Mint 20.3 Edge is a version of the distribution that ships with kernel 5.13.0-25, which means you’ll find more new hardware supported. By employing this new kernel, Edge adds support for Apple M1 (initial support), preliminary Intel Alder Lake S graphics, AMD GPU Freesync/Adaptive-Sync HDMI, AMD Aldebaran accelerator, generic USB display, Loongson 2K1000, preparations for Intel discrete graphics, and Intel DG1 Platform Monitoring Technology.

        • Choose the best Docker image for the job at hand

          Docker images revolutionized the computing world, but not all images are created equal. Let’s look at how to choose the best Docker image for the job at hand. Because while there are many suitable images your organization could choose, the best option depends on its context.

          The difference in requirements between production-use and quick-and-dirty Docker images is vast. For personal use, a quick, disposable image works. For production images, official, stable and well-supported images work best. A single WordPress image is good for personal use, but not for a business. That said, WordPress is available as an official image.

          In production, it is better to build your own container images to ensure the quality of the Docker image.

          [...]

          Ubuntu. This is one of the most downloaded Docker images in the industry. It is the official OS for Ubuntu and is used as a base image for nearly every type of server OS. It is a small, slim image designed to be built upon. This image is easy to expand and include what resources are needed for a given task.

          Alpine. For those who want something smaller, the Alpine Linux Docker image is the way to go. It is great to run on systems with constrained resources, but Alpine management requires a higher skill level and is not as user-friendly as Ubuntu. Unless there is an overriding reason to use Alpine, keep to the Ubuntu mainstream environment.

          Nginx. Nginx is the current hot web and proxy server. This image is designed to be tiny and respond to use out of the box via mount point for the files.

          MySQL. MySQL databases are a staple of the open source world. This container is easy to download, has a disposable SQL server for experimenting and can be deleted easily when finished. This is part of the benefits of Docker containers in general — build, use and throw away.

        • Hands-on: Comino Grando RM-S

          Three of the VMs get 16 cores of the 3975WX, 64GB of RAM and an RTX 3090 each. The fourth VM only receives 14 cores and 50GB of RAM and still possesses its own discrete RTX 3090. This discrepancy is due to some resources being dedicated to running Ubuntu LTS. This manages all of the VMs, and without it, none of these powerful VMs would be able to function at all.

          Ubuntu LTS

          Software and hardware is directly managed through Ubuntu LTS installed onto a 2TB drive. This is the beating heart of the Comino Grando RM-S, and you’re able to further manage the configuration from here, which is incredibly complex. The native Linux LTS package offers the opportunity to monitor each VM’s usage and resources individually for full control over maintenance and diagnostics, giving you easy access to resolve any issues.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Orion Browser: A Future Best Web Browser for the Mac?

          Today in Tedium: It’s often been suggested that the web browser is at real risk of becoming a monoculture, all thanks to the browser engine behind most of our clicks. Chromium and its forked-off predecessor WebKit are everywhere, defining the frame through which we access the internet. (Not helping is the fact that Firefox, the internet’s third rail, occasionally has a show-stopping problem, like the issue with HTTP/3 that made it briefly unusable last week.) The concerns about the market becoming driven by just one or two browsers is a key reason why the browser market appears to be evolving in a way probably not seen in quite some time; a lot of new browsers are in the works these days! Sure, there are some quite-good options that are fairly established at this point, like the power-user-focused Vivaldi, that appear to be focused on more specific niches, but the mainstream seems like something of a lost cause. So what makes someone want to reinvent the wheel and make a mainstream play on one of the most common things in all of tech? Well, I asked someone who’s working on a hot new browser. (Perhaps you’ve heard of it? It’s called Orion.) Today’s Tedium talks browsers, ad-tracking, and shifting paradigms

          [...]

          $49

          The amount that Netscape charged for version 3.0 of its Navigator software, which at the time was competing against version 3.0 of Microsoft’s Internet Explorer, which was available for free. (It was, admittedly, something of a leaky-faucet business model, akin to shareware.) In a 1996 review in Fast Company, reviewer John R. Quain made the case that Netscape was a better deal despite the significant cost difference by saying this: “When did you hear of Bill Gates giving away for free something you’d want? Bottom line: cough up the $49 for Navigator.” Most people did not heed this advice, and within a few years, Netscape’s 80 percent market share was basically gone, in favor of a free (and dominant) Microsoft browser.

        • Mozilla

          • Firefox Nightly: These Weeks in Firefox: Issue 107

            Mozilla has a booth at FOSDEM with some talks scheduled. Come hear us talk about Firefox Development, Searchfox, Common Voice, SUMO and more!

          • Foxstuck: Firefox browser bug boots legions of users offline

            In a hard-to-beat demo of the perils of software telemetry, Mozilla accidentally kicked legions of users offline last week by an update to its telemetry servers that triggered an existing bug in Firefox. Internally, Mozilla is calling the bug “foxstuck”.

            Firefox periodically reports back some fairly innocuous info, including how long your session lasted, how many tabs and windows you had open, what extensions you have and so on. You can see a list by entering about:telemetry in the address bar.

      • Productivity Software/LibreOffice/Calligra

        • OnlyOffice 7.0 Released with Form Filling, Windowed Mode + More

          ONLYOFFICE 7.0 is now available to download for Windows, macOS and Linux.

          As the first major update to this free, open source office suite this year you won’t be surprised to hear it’s a fairly big one with a wide range of tweaks, features, and improvements included.

          ONLYOFFICE 7.0 (that’s how they stylise the name; it’s not me shouting) inherits all of the improvements in the cloud-side version of the suite, such as the ability to create and edit forms (often distributed in the .docxf format). Filled-in forms can be saved as a PDF file to share elsewhere or the native .oform format.

        • ONLYOFFICE 7.0 released

          Version 7.0 of the ONLYOFFICE office suite is available.

        • ONLYOFFICE 7.0 Brings Online Forms and Big Updates for All Editors

          Fillable forms, password protection, and version history in spreadsheets are just some of the new features in this ONLYOFFICE 7.0 release.

          ONLYOFFICE is a free cross-platform business-class productivity platform designed for internal team collaboration. It’s unique in that it includes document, spreadsheet, and presentation editors in a single desktop app.

          This open-source Office alternative works with the most popular file formats including DOCX, ODT, XLSX, ODS, CSV, PPTX, and ODP, and is free to use on Linux, Windows, and Mac platforms. In addition, ONLYOFFICE can be integrated with popular sync and share apps, such as ownCloud, Nextcloud, and Seafile.

          Recently, a new version ONLYOFFICE 7.0 was announced by the team. With that said, let’s quickly take a look at what’s new.

        • LibreOffice Sees New Activity For Compiling To WebAssembly – Phoronix

          Last May there was some work on compiling LibreOffice to WebAssembly as another means of getting this open-source office suite executing within the web browser and other environments. It had been quiet since on the LibreOffice WASM front but a number of new commits were merged this morning.

          [...]

          This activity comes with LibreOffice 7.3 already being branched ahead of its release in February, so we’ll see how much more WebAssembly development activity and interest there is for the office suite’s cycle ahead to see what sort of shape it will be in come August. Outside of safe browser execution, there is growing interest among many for WebAssembly to be a portable format for software on the desktop with various run-times / implementations for sandboxed execution in a performant manner.

      • Public Services/Government

        • Help Chile write free software values, privacy, and digital sovereignty into their constitution

          For those out of the loop, a group which included myself up until recently, Chile is in the midst of a revolution. They’re fighting against the increased cost of living, privatization of essential services, and worsening inequality — problems facing everyone who lives under capitalism around the world — but in Chile’s case, the people actually seem to be winning. The Chilean people voted overwhelmingly in favor (80% with a 50% turnout) of rewriting the constitution, a constitutional convention has been assembled, and a call has been made for the Chilean people to re-define their country’s values.

          One of the answers to this call arrived in my inbox courtesy of Felix Freeman, a Chilean hacker and activist for free software, free culture, and free knowledge, who asked me to signal boost Propuestas constitucionales para Chile en la era de la información, three proposals to establish the following principles in the foundations of Chilean law…

    • Standards/Consortia

      • Font-independent pixel-perfect negative CSS text-indents

        The CSS text-indent property is used to offset the first line of text in a text block from the parent element’s inner box (the content area). It behaves like the padding-inline-start property, but only for a paragraph’s first line of text. It’s meant to allow your design to e.g. indent the first line to designate the start of a new paragraph (a more compact alternative to separating paragraphs by empty lines).

        The text-indent property has some additional uses with negative values. In this article, I’ll explore how the property can be used to implement hanging punctuation and list item markers. I’ll also discuss how difficult it is to know how many pixels to subtract for the desired effect, and how you should implement it instead. Some familiarity with CSS syntax, layout concepts, and common properties is assumed.

        The CSS Text Module includes a hanging-punctuation: first property. It’s meant to let leading paragraph punctuation, such as opening quotation marks in a blockquote, be hung adjacent to the first paragraph but be outside the content area. This effect lets the text itself maintain a rigid line against the left-side gutter.

  • Leftovers

    • Hardware

      • Giving Vintage Synths New Life In A Potentiometer Cleaning Showdown | Hackaday

        As anyone who has ever owned a piece of older equipment that has a potentiometer in it can attest to, these mechanical components do need their regular cleaning ritual. Whether it’s volume knobs on a receiver or faders on a mixer, over time they get crackly, scratchy and generally imprecise due to the oxidation and gunk that tends to gather inside them.

    • Integrity/Availability

      • How CTAP2.0 made UserVerification even more confusing — Firstyear’s blog-a-log

        I have previously written about how Webauthn introduces a false sense of security with how it manages UserVerification (UV) by default. To summarise, when you request “preferred” which means “perform UV if possible”, it can be bypassed since relying parties (RP) do not check if UV was actually performed, and Webauthn makes no recommendations on how to store credentials in a manner that allows future checking to ensure UV is requested or validated correctly.

        From this, in Webauthn-RS we made the recommendation that you use either “required” to enforce all credentials have performed UV, or “discouraged” to request that no UV is performed by credentials during authentication or registration.

        At the same time, in the Webauthn-RS project we began to store two important pieces of credential metadata beyond the Webauthn specification – the result of UV from registration, and the policy that was requested at the time of registration. We did this because we had noticed there were classes of credentials, that even in “discouraged” would always verify themselves at registration and authentication. Because of this property, we would enforce that since UV was performed at registration, we could continue to enforce UV on a per credential basis to detect possible credential compromise, and to further strengthen the security of credentials used with Webauthn-RS.

      • Proprietary

        • Pseudo-Open Source

        • Security

          • Sysjoker: The Malware Hiding In Plain Sight – Invidious

            Modern malware is boring but by being boring it can hide in plain sight, this is Sysjoker the malware that hides as a system update and runs on all 3 major updates

          • Security updates for Wednesday [LWN.net]

            Security updates have been issued by CentOS (firefox, gegl, kernel, and thunderbird), Debian (nvidia-graphics-drivers), Fedora (btrbk and thefuck), Mageia (clamav, kernel, kernel-linus, vim, and wpa_supplicant), openSUSE (java-1_8_0-ibm, jawn, nodejs12, nodejs14, SDL2, and virglrenderer), Red Hat (gegl, gegl04, java-17-openjdk, and kernel-rt), Scientific Linux (gegl and httpd), SUSE (apache2, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libvirt, nodejs12, nodejs14, openstack-monasca-agent, spark, spark-kit, zookeeper, python-Django, python-Django1, python-numpy, SDL2, and virglrenderer), and Ubuntu (byobu, clamav, and ruby2.3, ruby2.5, ruby2.7).

          • Identifying Malware By Sniffing Its EM Signature | Hackaday

            The phrase “extraordinary claims require extraordinary evidence” is most often attributed to Carl Sagan, specifically from his television series Cosmos. Sagan was probably not the first person to put forward such a hypothesis, and the show certainly didn’t claim he was. But that’s the power of TV for you; the term has since come to be known as the “Sagan Standard” and is a handy aphorism that nicely encapsulates the importance of skepticism and critical thinking when dealing with unproven theories.

            It also happens to be the first phrase that came to mind when we heard about Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification, a paper presented during the 2021 Annual Computer Security Applications Conference (ACSAC). As described in the mainstream press, the paper detailed a method by which researchers were able to detect viruses and malware running on an Internet of Things (IoT) device simply by listening to the electromagnetic waves being emanated from it. One needed only to pass a probe over a troubled gadget, and the technique could identify what ailed it with near 100% accuracy.

          • The Linux Foundation Announces SupplyChainSecurityCon will be Featured Under the Open Source Summit North America 2022 Conference Umbrella
          • Linux admins urged to patch full-disk encryption bug that allows decryption without a password [Ed: Requires physical access]

            Linux admins have been urged to patch a high-risk, full-disk encryption (FDE) vulnerability impacting Linux Unified Key Setup (LUKS) encryption software and its cryptsetup programme, which could allow an attacker with physical access to a system to decrypt data on the machine without using a password.

            The issue, indexed as CVE-2021-4122, impacts LUKS 2.2.0 and later, according to Milan Broz, a cryptsetup administrator, who was credited for discovering the bug.

          • Reproducible Builds: Debian and the case of the missing version string

            If you’ve been following my twitter recently you probably noticed there’s now a rebuilderd based Debian rebuilder run by the Purdue Trustworthy Software Ecosystems Lab. The rebuilder backend – the code that’s actually re-creating the build environment and running the build – is debrebuild.py, written by Frédéric Pierret from the QubesOS project. The setup as a whole automatically monitors packages in Debian unstable, then downloads the source code, build-dependencies and attempts to compile a bit-for-bit identical binary package. If this succeeds, the package is marked as “reproducible”.

            The 62.89% reproducible number is currently significantly lower than the 94.6% reproducible number reported at tests.reproducible-builds.org/debian/. This blogpost is diving into why that is and why there are different challenges in “rebuilding” done in this setup vs “build environment fuzzing” done by tests.reproducible-builds.org.

          • Protect your PHP website from bots with this open source tool | Opensource.com

            PHP is a widely-used programming language on the web, and it’s estimated that nearly 80% of all websites use it. My team at CrowdSec decided that we needed to provide server admins with a PHP bouncer to help ward away bots and bad actors who may attempt to interact with PHP files.

            CrowdSec bouncers can be set up at various levels of an applicative stack: web server, firewall, CDN, and so on. This article looks at one more layer: setting up remediation directly at the application level.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

          • Privacy/Surveillance

            • Australia’s privacy laws: recommendations for legal changes

              Australians’ privacy hangs in the balance as the government reviews the Privacy Act 1988 and updates the law. Here are the key legal changes Australians should fight for.

              The future of privacy in Australia is taking shape, and now is the time to take a stand. The government review of the Privacy Act is crucial to protect Australians’ right to privacy and ensure people’s control of their information in the digital environment. The resulting law will determine how Australia will enforce data protection, which is key for its success. While the government’s Discussion Paper has some good proposals, they’re not sufficient. We must push for additional improvements to the law.

              Access Now has submitted comments on the Privacy Act review, and you can read them in full here. We encourage fellow civil society organisations and human rights advocates to take advantage of all opportunities to push for changes that will shape the law for the better.

              Here are some of the most important changes we are calling for. We hope you join us to demand a privacy law fit for today’s digital world.

    • Finance

      • ‘Silicon Savannah’ Kenya targets loan apps abusing customer data

        Digital lenders have boosted access to credit in Kenya but some are using ‘predatory’ practices to profit from the poor, consumers and authorities say

        The 14 days given to John Bigingi to repay a loan of 8,200 Kenyan Shillings ($72) had barely lapsed when he started receiving text messages threatening to call the contacts on his phone and expose him as a defaulter.

        “Silence means you don’t want to pay your loan which is already due,” said an SMS message sent by digital lender iPesa to Bigingi and shown to the Thomson Reuters Foundation.

        “Take it serious. Your 50 contacts and emergency contacts will start receiving 20 calls and 15 messages (at) exactly 6 p.m. Pay now to avoid embarrassment!!!” read the message, which was written in capital letters.

        The 42-year-old Kenyan taxi driver was horrified.

        “I didn’t understand how they got my contacts but soon after they called my closest relatives, including my brother and my wife, who didn’t know about the loan,” he said.

    • Internet Policy/Net Neutrality

      • How to use the new dislike-less Youtube

        You may have also heard that there’s a whole bunch of new browser extensions out there, which restore the Dislike count functionality. While this is a noble effort, it is also totally misplaced. Like any solution that tries to fix a fatal flaw in the original product, it actually helps perpetuate the flaw by hiding it.

        We’re all guilty of doing this. For instance, I am using Open-shell in Windows 8 and Windows 11 (which I only use for testing, mind). The real solution is, if you don’t like something, don’t use it. If you keep using it, the original creator or owner of the flawed product has no incentive to change it (unless materially affected). And so, if you keep using Youtube even though you HATE the change – you’re doing exactly zero. It’s a very simple formula. Youtube makes a change to their UI, people continue using the product, end of story. No dilemma. Nothing. Simple maffs!

        And so, I think the extensions don’t actually help. They allow more people antagonistic to the change to keep using Youtube despite the change, they hide the change, and help perpetuate its status, regardless of everything else. If people still go by the Like/Dislike ratio as their gauge for the video clip quality, well all right then, be my guest. But since I think the whole metric is pointless, removing one half of it doesn’t make any difference. Half of pointless is still pointless. And there are better ways. I just showed you.

Links 19/1/2022: ArchLabs 2022.01.18 and KDE’s 15-Minute Bug Initiative

Posted in News Roundup at 10:05 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Server

      • Istio / ISTIO-SECURITY-2022-002

        Istio version 1.12.0 and 1.12.1 are vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that they may not have access to, such as Pod.

    • Kernel Space

      • Linux 5.16 released: Bootlin contributions

        Linux 5.16 has been released on January 9. As usual, our recommended reading to learn more about this release is the corresponding Kernelnewbies.org page and the two articles from LWN covering the 5.16 merge window: part 1 and part 2.

      • Graphics Stack

        • Announcing Kopper – Mike Blumenkrantz – Super. Good. Code.

          The last thing I remember Thursday was trying to get the truth out about Jason Ekstrand’s new role. Days have now passed, and I can’t remember what I was about to say or what I did over the extended weekend.

          But Big Triangle sure has been busy. It’s clear I was on to something, because otherwise they wouldn’t have taken such drastic measures. Look at this: jekstrand is claiming Collabora has hired him. This is clearly part of a larger coverup, and the graphics news media are eating it up.

          Congratulations to him, sure, but it’s obvious this is just another attempt to throw us off the trail. We may never find out what Jason’s real new job is, but that doesn’t mean we’re going to stop following the hints and clues as they accumulate. Sooner or later, Big Triangle is going to slip up, and then we’ll all know the truth.

    • Instructionals/Technical

      • Configure Pi-Hole with Ubuntu 20.04 Headless Server

        Today we will discuss Pi-hole configurations and their usability. Though it was not planned, for the last few days, I was writing on firewalls only. Going through different Linux platforms got encountered the server. The service is really interesting. Ads are good for revenue generations, but sometimes it is annoying when considering the production environment. Usually, users have adblockers on their browsers, such add-ons are not so effective sometimes. Either they are required to keep updating all the time or are not able to detect ads in some cases. Here, is the answer Pi-Hole can do all for you. This gateway will get installed on the Network and will start detecting ads and pop-ups across the network and will block them automatically.

      • List All Installed Packages in RHEL and CentOS

        Hi guys, In this small article, we will show you how to list all installed rpm packages on CentOS and RHEL.

      • How to use Cloudformation to create SQS Queues on AWS

        AWS Simple Queue Service (SQS) is a fully managed message queuing service that enables us to decouple and scale microservices, serverless applications, and distributed systems. Using SQS, we can send, store, and receive messages between software components without losing them. AWS SQS offers two types of message queues, Standard queues and FIFO Queues. To understand more about SQS Queues, search for “How to create an SQS Queue on AWS?” article.

        AWS CloudFormation allows us to use programming languages (yaml/json) or a simple text file to model and provision all the resources needed for our applications. This gives us a single source of truth for our AWS resources.

        In this article, we will see the steps to create a Standard and FIFO Queue using Cloudformation Stack.

      • How to schedule system updates in CentOS 8 / RockyLinux 8 and keep the system secure

        Hello, friends. In this post, you will learn how to schedule system updates in CentOS / RockyLinux. Thanks to this, you will have an improved way to perform this system task.

        Upgrading the operating system is a basic task to make it a little more secure and stable. Because this process installs the necessary updates to fix bugs and increase the reliability of the system.

        Although it is a quick process to do, it can often be forgotten in the hustle and bustle of work and/or study. So we can always have some tools to help us automate the process.

        If you use CentOS 7 / 8 or any distribution of the RHEL family you may notice that if you go many days without updating the system, it suggests you install dnf-cron or yum-cron according to the version of the system.

        So, I will show you how to use these tools to schedule system updates.

      • How to install PlayOnLinux on a Chromebook in 2022

        Today we are looking at how to install PlayOnLinux on a Chromebook in 2022. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • Bash Write to File – ByteXD

        Reading and writing to files are common tasks among Linux command-line users. There are two ways in bash you can use to write to files including the redirection operator (>) and the tee command. You need to have write permission in order to input any data into a file, otherwise, you will end up with a permission denied error.

        In this article, we will discuss the bash write to file operation using the redirection operator and tee command for example.

    • Wine or Emulation

      • Wine 7.0 is officially out now bringing better compatibility

        Just over a year since the last major version bump, Alexandre Julliard has announced the final release of Wine 7.0. This is the compatibility layer that allows you to run Windows applications and games on Linux, macOS and other systems.

        For those who have been running the biweekly development releases, the feature list of what has changed won’t be new. As the main releases are just all the work in the development releases, plus a little extra time spent on bug fixing during the Release Candidate stage.

      • Wine 7.0 is a Massive Upgrade with Improved Windows App Support, New Theme, and More Improvements

        Wine is the ultimate tool for Linux users relying on Windows-specific applications and games.

        With every release, we find better support for games and applications. And, anything that uses Wine as its backbone (like Lutris and others) benefits as well.

        And, it gets more exciting with Wine’s first release for 2022!

        Wine 7.0 stable release is here with massive upgrades! Here, I shall mention the key highlights and how to install it.

    • Games

      • dbrand are cooking up something big for the Steam Deck | GamingOnLinux

        It’s not entirely clear what dbrand has planned, however their team are clearly cooking up something with a teaser being posted on Twitter.

        Who are dbrand? They’re a company that specialises in creating custom skins, cases, screen protectors and plenty more for various hardware from phones to consoles and stuff in between – they even make face masks. They’re really popular so it’s not surprising to see plenty of excitement around their plans for the Steam Deck.

      • One of the most challenging VR rhythm games releases February 10 | GamingOnLinux

        VR rhythm game Groove Gunner from BitCutter Studios Inc will be leaving Early Access on February 10. If you own a VR kit, this is one you need to try. It will make you sweat – probably a lot.

        Much like other rhythm games, it’s all about speed and accuracy. Instead of cutting through blocks like you do in Beat Saber, you have two coloured guns which you use to shoot and each arm also has a shield that you need to block incoming projectiles with. It’s very different to any other rhythm game and easily stands above some other attempts to make a VR game.

      • RetroArch need your feedback on their Open-Hardware planned for 2022 | GamingOnLinux

        RetroArch announced back in February 2021 their plans for the Open-Hardware project. This was to bring an easy way for you to play your legally owned physical games directly in emulators and they have an update on their plans.

        The idea is a sound one. Giving you open source hardware to plug in various cartridges from retro consoles, with great integration with RetroArch directly. You would no longer need to rely on various hard to come by proprietary solutions. In the new blog post though, plans have changed – and sounds like it’s for the better.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • The 15-Minute Bug Initiative

          In my 2022 roadmap, I mentioned something called the “15-Minute Bug Initiative.” Today I’d like to flesh it out and request participation! This blog post is not only informational, but I really hope any developers reading along will get excited and decide to participate.

          KDE software has historically been accused of being resource-intensive, ugly, and buggy. Over the years we’ve largely resolved the first two, but the issue of bugginess persists.

          Have you ever had that experience where you’re introducing someone to a KDE Plasma system and to your horror, they run into multiple bugs within moments? These are the issues we need to fix first: those that can be easily encountered within 15 minutes of basic usage. They leave a bad taste in people’s mouths and provide the impression that the system is a house of cards. It’s time to remedy this final strategic weakness of KDE, starting with Plasma itself.

        • KDE begin the 15-Minute Bug Initiative to make Plasma great | GamingOnLinux

          KDE Plasma is a pretty frelling great desktop environment – but couldn’t it be better? The KDE team have begun the previously announced 15-Minute Bug Initiative.

          The idea is to clean up issues in Plasma that affect the user experience within the first 15 minutes of booting. Encountering bugs quickly will put people off and gives a bad impression of not just Plasma, but of Linux as a whole. So this is their time to shine, especially with the Steam Deck coming that uses Plasma for the normal desktop mode.

        • KDE’s 15-Minute Bug Initiative Gets Underway – Phoronix

          KDE developer Nate Graham has sorted through plans for the 15-minute bug initiative for focusing on correcting many low-hanging bugs affecting the KDE desktop that should be able to be quickly discovered by users.

          In recent months KDE developer Nate Graham, who is also known for his wonderful KDE weekly development summaries, has been figuring out how to improve KDE’s reliability and one of the main drivers is working on bugs that should take only “15 minutes” or less to be something normal users would encounter.

          Per the now-published list of 15-minute bug criteria, these are bugs that affect KDE’s default setup, are 100% reproducible, something basic that doesn’t work or looks visually broken, may cause a crash, requires a reboot or terminal command to fix, there is no workaround, a recent regression, or a bug report with more than five duplicates.

    • Distributions

      • New Releases

        • ArchLabs 2022.01.18 Release

          Welcome to 2022, along with the arrival of the New Year there is a new ArchLabs release.

          This is one of the more exciting releases we have put out in quite some time because with the new additions we also have three new team members to join Nate, Dima and myself. So before I get into the changes please welcome, Doug, Will and Piotr.

          It’s been amazing to have these guys with us and they have had a huge impact as you will soon read.

          In brief, we have added Nate’s much loved Window Manager dk, this has been an often requested addition and we are really happy to bring it to you. Any questions surrounding dk can be posted at the forum.

          Piotr has brought with him his most excellent additions for the Sway Window Manager, known as nwg-shell. This brings a nice preset panel and other goodies to Sway. You can read more here at the README.md. Again, any issues or questions you may face can be posted at the forum.

          You can grab the latest release here. For any support please post your question or issue in the relevant category at the ArchLabs Forum.

      • Canonical/Ubuntu Family

        • What is the ’Ubuntu Pro’ Banner in Software Sources About?

          The banner isn’t a nag screen; you have to open the Software & Updates tool (which is often referred to as the ‘software sources’ utility) and click on the Livepatch tab to see it…

          Livepatch is Ubuntu’s LTS-only reboot-free kernel update mechanism which is especially handy in situations where rebooting a system (or a fleet of systems) to apply a security update is …unideal. Chances are those looking to enable Livepatch are the kinds of people who might want to make use of Ubuntu Pro for desktop too.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Best Free and Open Source Alternatives to IBM SPSS

        International Business Machines Corporation (IBM) is an American multinational technology corporation headquartered in Armonk, New York. They sell computer hardware, middleware and software employing over 370,000 people.

        IBM acquired Red Hat in 2019. But you can trace IBM’s history of open source far further back. They were one of the earliest champions of open source, backing influential communities like Linux, Apache, and Eclipse, advocating open licenses, open governance, and open standards.

      • Apache Hop Hops To Top-Level Project Status – Phoronix

        After starting off in development more than two decades ago as Kettle, Apache Hop in its current form has now made it to being an Apache Software Foundation top-level project.

        Apache Hop is an orchestration platform for facilitating both data and metadata orchestration. Apache Hop supports visual development, is lightweight in nature, metadata driven, offers hundreds of plug-ins, and has built-in lifecycle management. Apache Hop originally started out more than two decades ago as Extract-Transform-Load (ETL) platform Kettle.

      • Programming/Development

        • Loose Coupling with Signals & Slots – KDAB

          Here at KDAB, we recently published a library called KDBindings, which aims to reimplement both Qt signals and slots and data binding in pure C++17.

          To get an introduction to the KDBindings implementation of signals and slots, I recommend that you take a look at the KDBindings Getting Started Guide. It will give you an overview of what signals and slots are, as well as how our implementation of them is used. Alternatively, take a look at our introductory blog post.

        • Qt Creator 6.0.2 released

          We are happy to announce the release of Qt Creator 6.0.2!

          We fixed a performance regression of code completion on Windows and macOS, and that commercial plugins on Linux linked against the non-standard GLX and OpenGL libraries. Check our change log for more improvements.

        • What is the ‘range’ of a number type?

          In programming, we often represent numbers using types that have specific ranges. For example, 64-bit signed integer types can represent all integers between -9223372036854775808 and 9223372036854775807, inclusively. All integers inside this range are valid, all integers outside are “out of range”. It is simple.

        • One of the First Steps to Become a Data Scientist

          One of the First Steps to Become a Data Scientist, You’re not alone in your desire to become a data scientist.

          Many people aspire to work in this sector since it is such an exciting and innovative field in which you can truly leave your mark on the world as a data specialist who can solve problems and inform decision-making processes.

          Before you take that first step, though, here are some important things to keep in mind.

        • Python

          • How to Initialize a Dictionary in Python

            Dictionaries are quite diverse when it comes to their creation in python code. There are a lot of methods one can find to initialize the dictionary and make use of other data structures in those methods. This article will discuss how to initialize a dictionary data structure in Python language. We have been using Spyder3 for implementations. Let’s start.

          • How to Make an HTTP Client Program in Python

            The HTTP protocol sends a client request to the webserver, retrieving specific data and information if the transaction is legitimate. Using many methods provided in the python request package, you could examine the server’s answer. Therefore, within this guide today, we will discuss some HTTP client’s programs in python. The implemented python scripts execute mostly on the client-side and show the results of the server’s reply in this guide. So, let’s get started with our first example in Spyder 3.

        • Rust

          • Rust Compiler January 2022 Steering Cycle

            On Friday, January 14th, the Rust Compiler team had a planning meeting for the January steering cycle.

            Every fourth Friday, the Rust compiler team decides how it is going to use its scheduled steering and design meeting time over the next three Fridays.

  • Leftovers

    • Opinion | No Good Comes From the Valorization of Parenthood and the Denigration of Adopting Animals

      On January 5, 2022, Pope Francis spoke in Rome and described people who have pets instead of children as selfish. He went on to say that pet keeping was “a denial of fatherhood and motherhood and diminishes us, takes away our humanity.”

    • Democrats in Name Only
    • The Radical Vision of Silme Domingo and Gene Viernes

      The cost of labor rights in the United States has always been paid in workers’ blood. Many of the labor movement’s most critical moments are scented with gunpowder and dynamite and punctuated by funerals. Many of the movement’s greatest heroes have been beaten or imprisoned, and cops and assassins have murdered rank-and-file leaders like IWW organizer Frank Little, strike balladeer Ella May Wiggins, Laborers head Joseph Caleb, United Farmworkers strike leader Nagi Daifullah, and United Mineworkers reformer Jock Yablonski. But even against that backdrop, the story of Silme Domingo and Gene Viernes sounds more like a 1980s action movie than the real, horrific tragedy that it was. In 1981, a foreign despot organized the gangland execution of two young Filipino union organizers, with guns furnished by their own union president.

    • Ominous History in Real Time: Where We Are Now in the USA

      Dollar figures can look abstract on a screen, but they indicate the extent of the mania. Biden had asked for “only” $12 billion more than President Trump’s bloated military budget of the previous year — but that wasn’t enough for the bipartisan hawkery in the House and Senate, which provided a boost of $37 billion instead.

      Overall, military spending accounts for about half of the federal government’s total discretionary spending — while programs for helping instead of killing are on short rations at many local, state, and national government agencies. It’s a nonstop trend of reinforcing the warfare state in sync with warped neoliberal priorities. While outsized profits keep benefiting the upper class and enriching the already obscenely rich, the cascading effects of extreme income inequality are drowning the hopes of the many.

    • Toward Bakersfield

      Because the road comes without calling it, head low like it doesn’t want trouble but really does,

    • Court Says That Travel Company Can’t Tell Others How Much Southwest Flights Cost

      A few months back, we wrote about Southwest Airlines’ ridiculously antagonistic legal strategy against aggregators that would scrape information on flights and prices from Southwest.com and help people find flights and prices. The case we covered was the one against Skiplagged, but it was related to a separate case against Kiwi.com. Skiplagged had argued that it didn’t violate Southwest’s terms of service since it wasn’t scraping info from Southwest… but rather had scraped it from a different site, Kiwi.com, which in turn had scraped it from Southwest.com.

    • Thoughts for the End of Days: a Morning Star, Insatiability, DishBrain, Xenobots
    • Columbia University Has Lost Its Way

      When Columbia University celebrated its 250th anniversary in 2003, President Lee Bollinger honored Columbia’s history and special place in society as “one of the leading institutions of higher learning in the world.” He noted that a university’s purpose in cultivating “democratic personalities” in our students and the wider society is grounded in “a spirited curiosity coupled with a caring about others (the essence of what we call humanism).” A great university, he observed, serves as a humanistic counterpoint to “more often cited interests in property and power, around which we organize the economic and political systems.”

    • Trans activists will not be charged for sharing J.K. Rowling’s address on Twitter

      On the eve of Transgender Day of Remembrance in November, comedian Holly Stars, actor Georgia Frost and drag star Richard Energy staged a demonstration in front of Rowling’s home near Edinburgh, Scotland, to protest her views on the trans community.

      The trio were criticized for posting a now-deleted photo on Twitter with Rowling’s home address visible in the background.

    • Why do American airlines say 5G networks will ground their planes?

      The airlines are worried about supposed interference between 5G transmitters near airports and radar altimeters, instruments on planes that use radio waves to determine an aircraft’s altitude. The Federal Communications Commission (FCC), which regulates commercial use of the radio spectrum in America, studied the question in 2020 and concluded the two systems could work together. The Federal Aviation Administration (FAA), which is responsible for air travel, disagreed, and said that flying could be unsafe. After months of arguments the two agencies hammered out a compromise this month, in which mobile networks would implement “exclusion zones” around certain airports while more studies were carried out. The airlines’ last-minute announcement suggests that deal is now off, though on January 18th Verizon and AT&T, two telecoms companies, agreed to pause turning on some wireless towers. On the same day several international airlines—including Air India, Emirates, and Air Japan—cancelled flights to several American cities, citing concerns about 5G.

    • YouTube will stop making most original shows

      YouTube will scale back a significant portion of YouTube Originals, which produced original content including scripted series, educational videos, and music and celebrity programming. Chief business officer for YouTube Robert Kyncl announced the changes today in a statement on Twitter.

      Going forward, the company will only fund originals in the YouTube Kids Fund and the Black Voices Fund, a program created in 2020 that committed $100 million to “amplify” Black creators on the platform.

    • Education

    • Health/Nutrition/Agriculture

      • Broken Healthcare Promises Could Spell Midterm Disaster: Jayapal

        Rep. Pramila Jayapal warned Monday that the upcoming midterm elections could be painful for Democrats if they fail to substantively deliver on their healthcare-related campaign promises, which ranged from tackling sky-high drug prices to lowering the Medicare eligibility age.

        “It has been a concern for us,” Jayapal (D-Wash.), chair of the Congressional Progressive Caucus and lead sponsor of the Medicare for All Act of 2021, told the Washington Post. “You can see it with the number of Democrats in vulnerable districts across the country who want to be able to go back and tell people that we’ve lowered their costs for child care, for pre-K, for elder care, for drug pricing, for healthcare.”

      • Pennsylvania Says Legal Medical Marijuana Means Cops Can’t Just Sniff Their Way Into Warrantless Searches

        The legalization of marijuana is changing the probable cause equation all over the nation. What used to be an easy bust and/or a great way to engage in warrantless searches is no longer guaranteed. Probable cause on four legs — police drug dogs — can’t automatically justify further intrusion by police officers. A drug dog trained to detect the odor of now-legal drugs is now more a hindrance than an enabler of warrantless searches.

      • How the Pandemic Threw Fuel on a Growing Housing Movement

        As you drive onto a college campus in the up-and-coming Midtown neighborhood in Santa Fe, N.M., you run into a security gate where you might expect to be asked for some identification. But no one is manning the gate under the wide, wan blue sky of a mid-November day. The College of Santa Fe, which relocated to the Midtown property in 1947, closed in 2009, succumbing to the financial pressures of the last big recession. What’s left is a city-owned plot of 64 acres that’s almost entirely empty, save for some space leased by the Santa Fe Art Institute’s artist residency program and a few other businesses.

      • How a Powerful Company Convinced Georgia to Let It Bury Toxic Waste in Groundwater

        For the past several years, Georgia Power has gone to great lengths to skirt the federal rule requiring coal-fired power plants to safely dispose of massive amounts of toxic waste they produced.

        But previously unreported documents obtained by ProPublica show that the company’s efforts were more extensive than publicly known. Thousands of pages of internal government correspondence and corporate filings show how Georgia Power made an elaborate argument as to why it should be allowed to store waste produced before 2020 in a way that wouldn’t fully protect surrounding communities’ water supplies from contamination — and that would save the company potentially billions of dollars in cleanup costs.

      • Nursing Unions Say For-Profit Health Care Is Driving Omicron Staffing Crisis
      • People Are Hiding That Their Unvaccinated Loved Ones Died of COVID

        Now the majority of COVID deaths are occurring among the unvaccinated, and many deaths are likely preventable. The compassion extended to the virus’s victims is no longer universal. Sometimes, in place of condolences, loved ones receive scorn.

      • A fourth vaccine dose doesn’t seem to fully stop omicron, study finds

        Hence, two weeks ago, a group of Israeli scientists studied whether the existing Pfizer-BioNTech vaccine can protect against omicron infections if patients are given four doses of vaccine, meaning a two-shot vaccine and two boosters.

        Now, they have an early answer: The booster shot helps somewhat, but not enough to prevent infections. The findings speak to the unique and squirrelly nature of the omicron variant.

    • Integrity/Availability

      • DNS records of 1% .fi domains exposed through Zone Transfers

        DNS Zone Transfer is a mechanism for administrators to replicate DNS datasets across DNS servers. If it is enabled for a DNS nameserver, the nameserver will gladly give all DNS data regarding a domain to anyone who asks. Enabling Zone Transfers will cause an information disclosure and can thus be considered misconfiguration.

        I decided to investigate how common this nameserver misconfiguration is by doing a zone transfer query on all .fi domains I know of (in total 330k domains). This post describes the experiment.

      • DHL displaces Microsoft from top of Check Point’s brand phishing list

        A statement from the company said Microsoft was the second most imitated (20% of emails tracked), while WhatsApp was a distant third (11%). Microsoft has been at the top of this list for quite some time.

        The other companies in the top 10 were Google, LinkedIn, Amazon, FedEx, Roblox, Paypal and Apple.

        Check Point said in a brand phishing attack attackers attempted to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.

      • Proprietary

        • Microsoft addresses last week’s buggy Windows Updates that broke VPNs and rebooted servers [Ed: Windows is unmaintainable, so no wonder users are fleeing]

          Microsoft released an out-of-band (OOB) update yesterday to fix some Windows issues caused by last week’s monthly patching cycle on Patch Tuesday.

          The January 2022 updates that shipped last week included security patches and a fix for Japanese text appearance issues in Windows 11 (KB5009566) and Windows 10 (KB5009543) — along with a secret payload of issues, including unexpected restarting of Domain Controllers and VPN connections using L2TP failing.

          One of the major issues that came up during the week for IT admins included finding that Windows Server 2012 became stuck in a boot loop, while other versions suffered broken Windows VPN clients, and some hard drives appeared as RAW format (and unusable). Many IT Admins were forced to roll back the updates — leaving many servers vulnerable with none of last week’s security patches.

        • Cyberattacks surge amid accelerating pace of Covid-driven digitalisation: WEF study [iophk: Windows TCO]

          The World Economic Forum’s ‘Global Cybersecurity Outlook 2022’, released during its online Davos Agenda summit, further said that each successful cyber breach cost a company $3.6 million (nearly Rs 27 crore) last year, while the average share price of the hacked company underperformed NASDAQ by nearly 3% even six months after the event in case of the breach becoming public.

          The WEF said the global digital economy surged on the back of the Covid-19 pandemic, but so has cybercrime and nearly 80% of cyber leaders now consider ransomware a ‘danger’ and ‘threat’ to public safety.

        • US Windows ransomware attacks in 2021 little changed from 2020 [iophk: Windows TCO]

          The break-up was 77 state and municipal governments and agencies, 1043 schools and 1203 healthcare providers. During 2020, the total was 2354, with the break-up for the same categories being 113, 1681 and 560 respectively.

          At least 118 data breaches resulted from these attacks, with sensitive information posted online in one case.

          The Emsisoft report said in 2021, smaller municipalities and counties were hit, compared to earlier years when big cities like Baltimore and Atlanta were affected.

        • Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem. [iophk: Windows TCO]

          If the tactic spreads, it could lead to even more companies and other targets fending off ransomware in the line of nation-state cyberwarfare and cyber-espionage. Like any other malware, ransomware is built to break things.

        • Microsoft to acquire Activision Blizzard for $68.7 billion

          Microsoft doesn’t detail exactly how it will approach solving these issues, and the company says Bobby Kotick will continue to serve as CEO of Activision Blizzard for now. It looks like Kotick won’t remain once the deal is fully closed and after the transition period to Microsoft, though. Spencer, formerly head of gaming at Microsoft, is now CEO of Microsoft Gaming, and the company says the Activision Blizzard business will report directly to Spencer.

        • Five Reasons Microsoft Is Making Activision Blizzard Its Biggest Deal Ever [Ed: Microsoft's booster Dina Bass is still covering Microsoft at Bloomberg; it's more like media operatives of companies nowadays call themselves "journalists"...]
        • Microsoft to buy video game maker Activision Blizzard for $68.7B

          In a buyout that dwarfs others, Microsoft announced plans today to purchase digital game development company Activision Blizzard in an all-cash [sic] deal worth $68.7 billion.

          If the acquisition goes through, it would significantly add to Microsoft’s already sizeable video game operation, which includes “Minecraft” and “Doom.” Activision’s stable of popular video games includes “Call of Duty,” “World of Warcraft,” and “Candy Crush” — all of which are already available through Microsoft’s Xbox console business.

          The deal would give Microsoft a solid foothold in the emerging metaverse industry, which blends the traditional online world with that of the virtual through augmented reality headsets.

        • Why Microsoft is splashing $69bn on video games

          In the short term, the deal gives Microsoft more of a foothold in the smartphone-gaming market, to which it has had little exposure. King, a mobile-focused subsidiary of Activision Blizzard, boasts around 245m monthly players of its smartphone games, most of whom tap away at “Candy Crush”. It is also a strike against Sony. If Microsoft controls the rights to “Call of Duty”, it can decide whether or not to allow the games to appear on Sony’s rival PlayStation machine. When Microsoft bought ZeniMax Media, another games developer, for $7.5bn in 2020, it said it would honour the terms of ZeniMax’s existing publishing agreements with Sony, but that Sony’s access to new games would be considered “on a case-by-case basis”.

        • Microsoft to Buy Activision Blizzard in Mega-Deal Worth $68.7 Billion

          Activision Blizzard, in addition to its core games development and publishing business, runs a global esports network through its Major League Gaming division. The company has nearly 10,000 employees worldwide.

        • Microsoft to acquire Activision Blizzard, publisher of Call of Duty, for $68.7 billion

          The announcement follows reports in November that Microsoft was evaluating its relationship with the video game publisher amid allegations Activision Blizzard CEO Bobby Kotick had known about sexual misconduct claims at the company for years.

        • Microsoft will buy Activision Blizzard, a bet on the next generation of the [Internet].

          The acquisition, Microsoft’s largest ever, would catapult the company into a leading spot in both the video game industry and could strengthen its hand in the nascent world of virtual and augmented reality.

          It is also a challenge to regulators in Washington, as Democrats and Republicans alike have pushed to limit the power of technology giants. Microsoft, which makes Xbox consoles and owns studios that produce hits like Minecraft, has expanded its gaming business to surpass $10 billion in annual revenue. In anticipation of a longer review, Microsoft said it did not expect the Activision deal to close until the next fiscal year, which ends in June 2023.

        • Vote on Digital Services Act: Civil Liberties Committee pushes for digital privacy and free speech online

          This Thursday (20 January, subject to change), Members of the European Parliament will vote on their position on the EU Digital Services Act. The Civil Liberties Committee (LIBE) will put a series of amendments to the vote that propose, among other things, to introduce a right to use digital services anonymously, to restrict government surveillance online, to better protect personal and media content against error-prone upload filters and removal orders, and to disable surveillance-based timeline algorithms by default. The amendments are expected to be voted on Thursday morning. However, the largest political groups seek to avoid amendments to the proposed bill.

        • Security

          • Privacy/Surveillance

            • Podcast Episode: How Private is Your Bank Account?
            • Pegasus Used Against Activist Women in Middle East

              DOZENS OF women journalists and human rights defenders in Bahrain and Jordan have had their phones hacked using NSO Group’s Pegasus spyware, according to a report by Front Line Defenders and Access Now.

              The report adds to a growing public record of Pegasus misuse globally, including against dissidents, reporters, diplomats, and members of the clergy. It also threatens to increase pressure on the Israel-based NSO Group, which in November was placed on a U.S. trade blacklist.

            • Israeli Police Used Pegasus Spyware Against Own Citizens: Report

              Digital privacy advocates were alarmed but not surprised Tuesday by a report alleging that police in Israel used NSO’s Pegasus spyware against Israeli citizens, including opponents of former right-wing Prime Minister Benjamin Netanyahu.

              “When it comes to [Netanyahu] and NSO’s business model, is any of this surprising?”

            • Fake COVID-19 Testing Sites Are Scamming Vulnerable Communities Across the US
            • Are Fake COVID Testing Sites Harvesting Data?

              Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for that and — sorry to break it to you — your data isn’t worth all that much.

            • COVID-19 Testing Chain Opened Pop-Ups Across The US. Now, It’s Temporarily Closing Amid Federal Investigation And Mounting Complaints

              The Center for COVID Control is a management company to Doctors Clinical Laboratory. It provides tests and testing supplies, software, personal protective equipment and marketing services — online and printed — to testing sites, said a person who was formerly associated with the Center for COVID Control. Some of the sites are owned independently but operate in partnership with the chain under its name and with its guidance.

              […]

              Doctors Clinical Lab, the lab Center for COVID Control uses to process tests, makes money by billing patients’ insurance companies or seeking reimbursement from the federal government for testing. Insurance statements reviewed by Block Club show the lab has, in multiple instances, billed insurance companies $325 for a PCR test, $50 for a rapid test, $50 for collecting a person’s sample and $80 for a “supplemental fee.”

              In turn, the testing sites are paid for providing samples to the lab to be processed, said a person formerly associated with the Center for COVID Control.

              In a January video talking to testing site operators, Syed said the Center for COVID Control will no longer provide them with PCR tests, but it will continue supplying them with rapid tests at a cost of $5 per test. The companies will keep making money for the rapid tests they collect, he said.

              “You guys will continue making the $28.50 you’re making for the rapid test,” Syed said in the video.

            • India’s Supreme Court Opens Investigation Into Targeting Of Indian Citizens’ Phones By NSO Malware

              NSO Group’s terrible 2021 is flowing seamlessly into an equally terrible 2022. The leak of a list of alleged targets for its malware — a list that included journalists, activists, government critics, political officials, and religious leaders — led to an outpouring of discoveries linking the company to abusive deployments of malware by a number of questionable governments.

            • Akwasi Frimpong’s Struggle to Represent Africa at the Winter Olympics

              The International Olympic Committee is quick to tout its commitment to inclusion and diversity as “integral components” to creating “a better world through sport.” And yet the IOC is undermining these principles by denying Akwasi Frimpong, a Black skeleton athlete from Ghana, the opportunity to compete at the upcoming Beijing Winter Olympics. (Skeleton is a winter sport like luge, except athletes lie on their stomachs, face forward.) The incident spotlights the chasm between Olympic word and deed. But there is still time to change course and allow Frimpong to realize his Olympic dream.

            • Internet watchdog warns Olympic Games app has security, censorship flaws

              Internet watchdog Citizen Lab is sounding the alarm over security and censorship issues with a smartphone application mandated for use by all attendees of the 2022 Olympic Games in Beijing.

              The University of Toronto-based research laboratory published a report Tuesday, stating the MY2022 app contains numerous issues from a “simple but devastating flaw” permitting access to encrypted voice audio and file transfers to a keyword list that targets nearly 2,500 words for censorship.

            • Are you ready for the Data Protection Bill?

              “The major challenge, what we’re going to get, once we collect a lot of data for decision-making is going to be the erasure of that data. So, based on the guidelines, if the customer says, ‘The process is over, or the project is over, please erase my information’, that time, it’s going to be a major challenge,” Deshpande said.

            • #PrivacyofthePeople: Alexa, Google, Siri, we hear for you?

              Voice-enabled AI assistants like Alexa, Google Assistant and Siri reside not only on our smartphones but also in millions of bedrooms. The intimacy they enjoy presents a range of privacy risks that can be mitigated by a user-centric, rights focussed, data protection law. In this #PrivacyOfThePeople series, we discuss concerns on consent (when and how are such devices collecting data), data retention (storage of parts of audio recordings for undefined periods), cyber security audits (malicious attacks), and data sharing and surveillance (exposure of voice recordings to Voice Assistance training personnel and law enforcement).

              [...]

              The first privacy concern is regarding data retention. All three VAs store a part of user data including audio recordings for an undefined period even when retention of data indefinitely is against the internationally accepted principle of storage limitation.

              [...]

              The second privacy concern is the processing and storage of data without user knowledge and consent. VAs work based on users’ voices – it is their main feature. All the above-mentioned VAs activate upon hearing a particular activation keyword. Although some of the policies claim that the cloud servers do not store data/voice unless the activation word is detected, there is constant exchange of voice & related data between their cloud servers and the VA device. This is especially concerning in cases of false activation when data may be getting stored without actual knowledge.

            • Confidentiality

              • HTTPS is still optional, at least sort of

                I was recently reading this article (via). I have a number of reactions to it, but today’s reaction is to the small portion of its argument that the need for HTTPS certificate renewal (and HTTPS certificates) makes modern websites somewhat dynamic in practice in that you can’t just abandon them and necessarily have everything keep on working. My counterpoint is that HTTPS is still optional for certain sorts of sites, even here in early 2022.

    • Defence/Aggression

      • Untangling Ourselves From the Dark Side

        “You cannot simultaneously prevent and prepare for war.”

        The words are those of Albert Einstein, in a letter to a congressman 75 years ago. He adds, pointing out a truth that is still waiting to resonate culturally and politically: “The very prevention of war requires more faith, courage and resolution than are needed to prepare for war.”

      • From Aerial Strikes to Starvation, Afghanistan’s People Bear the Brunt of the West’s Failed Taliban Tactics

        At the last moment, this Isis suicide bomber detonated his device, killing 13 American soldiers and between 170 and 200 Afghans who were desperately trying to get a flight out of the country.

        Three days later the US fired its last missile in its 20-year-war in Afghanistan at what it said was a car near the airport into which it believed Isis members had loaded a bomb.

      • Civilians Reportedly Among 20 Yemenis Killed in Saudi Airstrike

        Human rights defenders on Tuesday decried Saudi-led airstrikes that killed at least 20 people in Yemen’s capital city of Sanaa, the U.S.-backed coalition’s deadliest attacks since 2019.

        “The increase in fighting in Yemen is having a deadly impact and once again it is civilians that are paying the price.”

      • Opinion | An Epochal Decline in American Global Power

        Throughout 2021, Americans were absorbed in arguments over mask mandates, school closings, and the meaning of the January 6th attack on the Capitol. Meanwhile, geopolitical hot spots were erupting across Eurasia, forming a veritable ring of fire around that vast land mass.

      • Opinion | In South Africa as in Palestine: Why We Must Protect the Legacy of Desmond Tutu

        Long before intersectionality became a prevailing concept which helped delineate the relationship between various marginalized and oppressed groups, late South Africa’s Archbishop Desmond Tutu said it all in a few words and in a most inimitable style. “My humanity is bound up in yours, for we can only be human together,” he said.

      • Seditious Conspiracy Charge Against Oath Keepers Founder and Others in J6 Riot Faces First Amendment Hurdle

        Many observers have noted the absence of “seditious conspiracy” charges in connection with prosecutions of those who took part in the Capitol riot. Participants in the riot have been charged with minor crimes such as trespassing or other lower-level offenses. Others have been charged with more serious offenses, such as obstructing a congressional proceeding or bringing a weapon inside the U.S. Capitol.

        But the seditious conspiracy charges announced on Jan. 13, 2022 by the Department of Justice raise the stakes and political temperature of the Jan. 6 investigation. As a First Amendment scholar, I believe they may also give rise to serious concerns about the rights of others protesting government actions down the road.

      • UN aviation agency releases fact-finding report on Ryanair incident in Belarus

        The UN’s civil aviation agency has released its fact-finding report on the May 2021 diversion of a Ryanair passenger plane to Belarus. The Athens to Vilnius flight was forced to make an emergency landing in Minsk after Belarusian dispatchers warned of an alleged bomb threat. Once the plane touched down, the Belarusian authorities promptly detained two of its passengers: Belarusian opposition journalist Roman Protasevich and Russian national Sofia Sapega, his girlfriend. The arrests prompted an international scandal that resulted in European countries banning airlines from traveling through Belarusian airspace. According to the independent Russian newspaper Novaya Gazeta, which obtained a copy of the fact-finding report, the investigation documents inconsistencies in the Belarusian authorities’ version of events, as well as their failure to comply with standard aviation procedures.

      • Texas Rabbi: Despite False Media Narratives, Synagogue Attack Brought Jewish & Muslim Communities Together

        On Saturday, an armed British man named Malik Faisal Akram took a rabbi and three congregants hostage at a synagogue outside of Fort Worth, Texas, resulting in an 11-hour standoff that ended once the rabbi threw a chair at Akram, who was later shot dead by the police. The standoff — which left all four hostages unharmed — has been identified by President Biden and federal authorities as an antisemitic act of terror. We speak with Rabbi Nancy Kasten, who says despite false media narratives painting the hostage crisis as an outgrowth of hostility between Muslims and Jews, the local Muslim community mobilized in support of the Jewish community this weekend. She also notes Muslim communities are less protected under federal and state law, which “creates a lot of opportunity for very misguided and false information to be perpetrated about the Muslim community.”

      • Aafia Siddiqui, Political Prisoner

        Pakistani-born Boston graduate student Aafia Siddiqui’s crime was to be caught in America’s post 9/11 anti-Muslim hysteria. She had come to America in 1990 to study, earning a biology degree and then a Ph.D. in neuroscience from MIT. Her colleagues called her quiet and religious (but not a fundamentalist). Her marriage to Mohammed Amjad Khan ended in divorce when he proved to be violent and more fundamentalist than Siddiqui. She was mistakenly accused of anti-American Muslim activism initially (partially because of mistaken identity), but the accusations ballooned. In the early War On Terror days, “associations” became much more significant and damning. Siddiqui ended up on Attorney General John Ashcroft’s “Watchlist.” As the Big Lies of government grew, soon the New York Post was calling her “Lady Al Qaeda.”

        Once the government labeled her a “terrorist,” she had no chance of escaping the Empire’s punishment. When her true story began to emerge, it was necessary to take action.  While visiting in Pakistan, helped by Pakistani American operatives, she was “disappeared.”  Her youngest child was killed when she was taken, and her other two children imprisoned separately for years. She was beaten, raped, tortured and kept in solitary in black site prisons of the American Empire, particularly in Afghanistan. Other prisoners have testified that they saw her at Bagram, a prison from which the Obama administration prevented prisoners’ court appearances because they might talk about the conditions of their imprisonment. Eventually Aafia Siddiqui would be set up for final punishment and disposal.

      • Who Is Aafia Siddiqui? Synagogue Attack Renews Focus on Pakistani Neuroscientist Imprisoned in Texas

        During Saturday’s synagogue attack in Colleyville, Texas, the gunman Malik Faisal Akram repeatedly called for the release of Pakistani neuroscientist Aafia Siddiqui, who is serving an 86-year sentence in a U.S. federal prison located just miles from the synagogue. Siddiqui was convicted in 2010 on charges that she intended to kill U.S. military officers while being detained in Afghanistan two years earlier. However, many questions remain unanswered about her time in U.S. custody, and her conviction was secured without physical evidence and on U.S. officials’ testimony alone, says Siddiqui’s lawyer, Marwa Elbially. Elbially says there’s a false impression of Siddiqui in the U.S. as a terrorist, even though terrorist charges were never brought against her, and Pakistan officials have voiced concern about her arrest and detention. We also speak with Mauri’ Saalakhan, director of operations for The Aafia Foundation, who calls Siddiqui’s case an unprecedented miscarriage of justice.

      • Enduring Stain: The Guantánamo Military Prison Turns Twenty

        On January 11, 2002, the first prisoners of the absurdly named “War on Terror”, declared with such confused understanding by US President George W. Bush, began arriving at the newly constructed Camp X-Ray prison at the US naval base in Guantánamo Bay.  Structurally crude, it was intended as a temporary facility, remote and out of sight.  Instead, it became a permanent and singular contribution of US political and legal practice, withering due process and civil liberties along the way.

        After two decades, 779 prisoners have spent time there, many of whom were low level operatives of minimal importance. Prior to being sent to the camp, the detainees endured abductions, disappearances, and torture in US-operated centres in allied countries. The previous director of the Central Intelligence Agency, Gina Haspel, had more than a nodding acquaintance with this process, having overseen operations at a black site in Thailand specialising in interrogating al-Qaeda suspects.

      • Opinion | Dr. King’s 1967 Anti-War Speech Was Unpopular, But Prophetic
      • 2014 vs. 2022: Ukraine’s improved but still longshot odds of withstanding a full-fledged Russian invasion

        After last week’s talks between Russia, the United States, and NATO led to no apparent breakthroughs on European security, speculation has resumed in the West that Moscow is preparing an expanded invasion of Ukraine that could begin at any time. The Kremlin denies any plans to attack Ukraine, but policymakers in Kyiv and Washington say the Russian military’s buildup near Ukraine’s borders suggests otherwise. Some experts in the West, including several former senior U.S. military personnel, now argue that the Ukrainian Army might be able to withstand a Russian onslaught, if it receives all feasible support from NATO. Hoping that is purely a thought experiment, Meduza reviews some of the theories about how a larger war between Russia and Ukraine could unfold.

      • Bill Clinton’s Role in the Crisis Over Ukraine

        Bill Clinton was initially responsible for the militarization.  He abolished the Arms Control and Disarmament Agency, and began the expansion of the North Atlantic Treaty Organization.  Barack Obama believed that war in Afghanistan was a “good war,” and reappointed Robert Gates as secretary of defense to appease the uniformed military.  President Joe Biden even appointed a retired four-star general to the position of secretary of defense, and has given diplomacy a back seat in the twin struggles with Russia and China.  The postwar presidents understood the need to divide Moscow and Beijing, but Biden has taken actions that have inspired Russia and China to grow closer.

        But it all started with Clinton, whose relations with the Pentagon were tenuous from the outset.  Clinton came into office with a reputation for manipulating the draft laws in 1969 to avoid service in Vietnam.  Clinton, moreover, alienated the military shortly after his inauguration when he suggested that he would allow homosexuals to serve openly in the military.  Of course, George W. Bush, Dick Cheney, and William Cohen avoided Vietnam, but Republicans typically get a pass from the Pentagon and the press when avoiding service.  Former senator John Kerry was a Vietnam War hero, but his ultimate criticism of the war was highlighted by the mainstream media and his Republican opposition.

      • Stop the Stumble Toward War With Russia

        In the technical argot of diplomacy, what’s going on in the Ukraine crisis is nuts.

      • Opinion | Only Cold-War Fools Hit Replay on Doomsday

        In the early 1960s, at the height of America’s original Cold War with the Soviet Union, my old service branch, the Air Force, sought to build 10,000 land-based nuclear missiles. These were intended to augment the hundreds of nuclear bombers it already had, like the B-52s featured so memorably in the movie Dr. Strangelove. Predictably, massive future overkill was justified in the name of “deterrence,” though the nuclear war plan in force back then was more about obliteration. It featured a devastating attack on the Soviet Union and communist China that would kill an estimated 600 million people in six months (the equivalent of 100 Holocausts, notes Daniel Ellsberg in his book, The Doomsday Machine). Slightly saner heads finally prevailed—in the sense that the Air Force eventually got “only” 1,000 of those Minuteman nuclear missiles.

      • Vladimir Putin is Not the Neville Chamberlain the US/NATO is Looking For

        That’s the pot calling the kettle black. More than 30 years after the Warsaw Pact’s dissolution, 77 years after the end of World War Two, the US still keeps 40,000 troops in Germany.

        For 45 years, the justification was to defend Germany from the Soviet Union and the Warsaw Pact. As Germany moved toward reunification, US Secretary of State James Baker assured Soviet premier Mikhail Gorbachev that the North Atlantic Treaty Organization wouldn’t expand so much as “one inch eastward” into the former Soviet sphere of influence it was created to contain.

      • Republicans, Aided by Manchin and Sinema, Are Stonewalling Voting Rights Bill
      • Why voters don’t blame Republicans for the Capitol riot — no GOP leaders have been arrested yet

        The implicit and sometimes explicit support for the insurrection by Republicans is obvious to the politically aware. Not only does the Republican Party continue to cover up Donald Trump’s role in inciting the riot, but the party nationwide is acting on Trump’s demands to help him steal the 2024 election through voter suppression and election interference. Meanwhile, prominent Republican figures continue to promote political violence, while Trump is the strong favorite for the GOP nomination 2024, with an overtly insurrectionist campaign built around his Big Lie.

        The problem is that the voters who are swinging hard to the GOP know basically none of this. Instead, they assume that the Republicans are a normal political party. There are lots of people to blame for this, of course. Biden and Democrats didn’t do themselves any favors by spending the past year talking up “unity” and “bipartisanship,” instead of focusing like a laser on the fact that the GOP is actively conspiring with Trump to cover up for January 6 and perpetuate his war on democracy. The media also plays a role, exhibiting an unwillingness to challenge Republicans directly about their anti-democratic ideology.

        But, ultimately, the biggest problem is the utter lack of accountability for any of the prominent Republicans involved in Jan. 6. Neither Trump nor any Republican leader has been arrested for their efforts to steal the election that led up to the Capitol riot. So far, the only people who have been arrested for the Capitol insurrection have been the people who actually stormed the building or far-right militia types who coordinated their actions that day. So that ends up reinforcing the impression, especially with people who don’t follow the news very closely, that the riot was a result of a bunch of self-directed fringe characters, and has nothing to do with the mainstream Republican Party. Unless the cuffs start coming out for Trump and his fellow elite Republicans, it will be hard to convince these voters to see the insurrection as anything but an anomalous event, instead of part of a larger anti-democratic conspiracy.

      • What Does It Mean If Republicans Won’t Debate?

        The possibility, though, that the RNC tells its 2024 presidential candidate to boycott the official debates is still a remarkable prospect — perhaps no more striking than the RNC’s decision not to write a 2020 party platform. It seems like a significant norm violation since presidential debates have been a part of the general election campaign for more than 40 years. But then again, presidential debates never were one of the most consequential parts of the presidential campaign process. What should we think about this development?

      • R.N.C. Signals a Pullout From Presidential Debates

        Republican committee officials alerted the debate commission to their plans in a letter sent on Thursday, a copy of which was obtained by The New York Times. If the change goes forward, it would be one of the most substantial shifts in how presidential and vice-presidential debates have been conducted since the commission began organizing debates more than 30 years ago.

      • Yle: Russian civilian plane flies mystery route over Finland

        A civilian Russian cargo plane flying between Moscow and Leipzig, Germany, took a rather circuitous route through Finnish airspace Saturday evening, public broadcaster Yle reports, leading to the scrambling of Finnish air force jets in response and prompting speculation over the rationale behind the excursion.

    • Environment

      • Global Plastic Pollution Is a ‘Deadly Ticking Clock’: Report

        “There is a deadly ticking clock counting swiftly down.”

        So says Tom Gammage, an ocean campaigner at the Environmental Investigation Agency (EIA), a United Kingdom-based group whose new report warns that only a muscular global treaty can turn the tide against the life-threatening crisis of plastic pollution. 

      • Rising Chemical Pollution Crosses Crucial ‘Planetary Boundary’

        The level of chemical pollution on Earth has crossed a “planetary boundary” and now threatens global ecosystems that support all life, according to a new study on human-made substances whose production has rapidly increased in recent decades.

        Researchers at the Stockholm Resilience Center (SRC) examined the levels of 350,000 plastics, pesticides, industrial chemicals, and other chemicals and found that human activity is releasing so many of these substances each year that their production has altered “the remarkably stable state Earth has remained within for 10,000 years—since the dawn of civilization.”

      • The Civil War on Yellowstone’s Wolves
      • It’s Time to Stop Rolling the Dice on Chemical Disasters
      • Opinion | America’s Climate Forest Must be Protected Now and for Future Generations

        The snow builds up at this time of year in the far northern forests of the Tongass in Alaska, blanketing this often lush green landscape. The bears that travel across the ravines during summer are now resting, hibernating until spring. The buzzing that comes from a forest teeming with life is now a peaceful hush, save for the calls of a raven or the soft dampened steps of the elk and deer. Every season we see the Tongass in a new light, offering points of wisdom and ways of being that stretch back farther than humanity.  However, as we recognize the beauty of the season, we are also alarmed at how unpredictable the weather has become throughout the year as communities in Alaska are challenged with climate-related extreme weather events—from record breaking snowfall to wind and ice storms to unusually high temperatures.

      • Energy

        • How Exxon Is Leveraging Texas Courts to Silence Its Climate Critics
        • How Exxon Is Using an Unusual Law to Intimidate Critics Over its Climate Denial

          By Chris McGreal, The Guardian. This story was originally published by The Guardian, and is republished here as part of Covering Climate Now, a global journalism collaboration strengthening coverage of the climate crisis.

          ExxonMobil is attempting to use an unusual Texas law to target and intimidate its critics, claiming that lawsuits against the company over its long history of downplaying and denying the climate crisis violate the US constitution’s guarantees of free speech.

        • Exxon Net-Zero Plan Called Greenwashing From ‘Climate Liar’

          Climate action campaigners on Tuesday were eager to explain why a net-zero carbon plan released by oil giant ExxonMobil is an example of “more greenwashing” from the company that’s expected to increase its emissions by 17% in the coming years.

          “I don’t give a damn if Exxon is changing the lightbulbs at their office: It’s the millions of barrels of oil they’re producing that are the problem.”

        • Rising US Renewables Expected to Spur Decline in Fracked Gas

          Over the next two years, renewable energy sources are projected to generate a growing share of electricity in the U.S., according to a forecast shared Tuesday by the federal government, which expects a related decrease in production at fossil fuel-fired power plants.

          “Most of the growth in U.S. electricity generation in 2022 and 2023 will come from new renewable energy sources.”

        • UK Oil Regulator Has ‘No Duty’ to Consider North Sea Tax Breaks or Indirect Emissions, Court Rules

          The UK government is not legally required to consider tax breaks to oil and gas companies or emissions from burning fossil fuels when regulating the North Sea sector, a court has ruled today, rejecting a complaint by climate campaigners. 

          At a judicial review hearing in December at the Royal Courts of Justice in London, campaigners argued that the Oil and Gas Authority (OGA) strategy was “unlawful” because it fails to take into account tax breaks for oil and gas companies when approving new projects.

      • Overpopulation

        • Scientists Decry Human Indifference to ‘Probable Sixth Mass Extinction’

          There’s a human-caused extinction crisis underway—probably the start of the Sixth Mass Extinction—and denial or indifference to this planetary crisis is “an abrogation of moral responsibility,” according to scientists behind a new study.

          “We cannot help but feel that humanity is allowing a probable Sixth Mass Extinction to unfold.”

    • Finance

      • Tax on Global Mega-Rich Could Help Lift 2.3 Billion Out of Poverty

        A new analysis released Tuesday estimates that an annual wealth tax targeting the world’s millionaires and billionaires would raise enough revenue to lift 2.3 billion people out of poverty, provide universal healthcare to the people of low- and middle-income nations, and produce enough coronavirus vaccines to meet global demand.

        “During 2021, we witnessed the epidemic of Covid-19 and wealth-hiding, and it’s time to reverse course.”

      • Where Greed is a Virtue and Poverty Your Own Damn Fault

        It’s amazing what having a personal shelter to go home to means to a person. Those who have always had one don’t understand. The instability of living in the rough—as the Brits say—creates a level of insecurity and fear even among the most weathered of us all. Soldiers who slept in the jungles of Vietnam, snakes in the trees, jungle rot, the uncertainty of being the invader in another’s land; even these men can feel uneasy when sleeping in the rough. Cops, vigilantes, teenage punks, criminals hiding among the houseless—it’s not easy or pretty. Those with homes have little to no knowledge of this and those who enlist the police to harass the houseless seem to actually hate the men and women without a roof over the head, a mortgage or a landlord. As someone who was houseless for a while in the 1970s and who until recently worked in public libraries where the houseless are most often welcome, the fact that housing is part of a market angers me as much as a cop beating an innocent person. My late and politically conservative father decried the circumstances that made homes investments instead of places to live. Unfortunately, he never understood how this reality was an essential part of capitalism.

        I have a friend I run into a couple of times a week. His name is Albert. He’s a retired RN who was in the air force for a brief time in 1969 or 1970 but was kicked out after a rapid political radicalization occurred. He attributes that radicalization to his attendance at a rally called by the Black Panthers. I believe it was soon after Fred Hampton was murdered by the police in Chicago. Within a couple of months, my friend was kicked out, in large part because of his political views and new outspokenness. Naturally, he was relieved and happy that the military was behind him. Most of us would be.

      • Student Debt Cancellation is a Racial Justice Issue

        In a recent House floor speech, Rep. Ayanna Pressley pointed out that the student debt crisis disproportionately impacts the Black community.

        “But for too long,” Pressley said, “the narrative has excluded us and the unique ways in which this debt is exacerbating racial and economic inequities, compounding our gender and racial wealth gap.”

      • Is Europe’s Inflation Joe Biden’s Fault?

        We got some interesting news on inflation elsewhere today in the Bureau of Labor Statistics (BLS) release of data on import prices. It turns out that the price of imports has been rising even faster than domestic prices, with inflation of 10.4 percent over the last year.

        A big part of this increase is higher energy prices, but the data do allow for an important comparison. BLS has a category for imports of manufactured goods from industrialized countries. This would be a wide range of items like cars, car parts, electronics, and other things we would import from Europe, Japan, Canada, and other wealthy countries. In other words, this is a cross-section of goods from countries we think of as similar to the United States.

      • Three More Starbucks Locations in Buffalo Will Soon Vote on Unionization
      • Chris Hedges: America’s New Class War

        There is one last hope for the United States. It does not lie in the ballot box. It lies in the union organizing and strikes by workers at Amazon, Starbucks, Uber, Lyft, John Deere, Kellogg, the Special Metals plant in Huntington, West Virginia, owned by Berkshire Hathaway, the Northwest Carpenters Union, Kroger, teachers in Chicago, West Virginia, Oklahoma and Arizona, fast-food workers, hundreds of nurses in Worcester, Massachusetts, and the members of the International Alliance of Theatrical Stage Employees.

    • AstroTurf/Lobbying/Politics

      • Dems Urged to Hold Senate Floor for ‘As Long As It Takes’

        As the U.S. Senate on Tuesday began debating voting rights legislation intended to combat GOP attacks on democracy, progressive groups urged Democratic senators to hold the floor however long it takes to send a House-approved package to President Joe Biden’s desk.

        “Tens of thousands of people have mobilized for voting rights this year,” Megan Hatcher-Mays, director of democracy policy for Indivisible, said in a statement. “They deserve to see Democratic senators fighting for them and for our democracy by taking to the floor and making the case.”

      • Saving Democracy

        It may come in last unless enough people care enough about one goal so that both moderate Democratic and Republican lawmakers could successfully create legislation that would pass both houses of Congress. The goal: Keeping our democracy intact.

        The Democrats appear to be giving up on changing or deleting the Senate’s filibuster rule because Democratic Sens. Joe Manchin III of West Virginia and Kyrsten Sinema of Arizona object to monkeying with the political tool that requires 60 votes instead of a majority to pass legislation, budget bills aside.

      • Lessons From Louise Glück

        “Who can speak of the future?” Louise Glück asks in her new book of poems, Winter Recipes From the Collective. “Nobody knows anything about the future.” In its apparent rebuke to both writer and reader, the line might seem exemplary of the stark, unsentimental lyric voice for which Glück is best known. The poem it appears in, less so: “A Children’s Story” imagines a royal family driving back to the city after a pastoral sojourn, “all the little princesses / rattling in the back of the car.” The tone suits the genre invoked by its title; the scene is at once mundane and surreal. (“Outside the car, the cows and pastures are drifting away.”) But unlike other children’s stories, this one is in no rush to console. “All hope is lost,” the poem concludes. “We must return to where it was lost / if we want to find it again.” Wavering between melancholy and resolve, “A Children’s Story” speaks to our national mood better than most overtly political poems of the past few years. It also speaks of somewhere else entirely. All of Winter Recipes walks this line between a shared social world and a parallel world of dreams, symbols, and obscure but profound instruction—a realm often ceded to the young and the old.

      • Eurasia’s Ring of Fire: the Epic Struggle Over the Epicenter of U.S. Global Power

        Let’s circle that continent to visit just a few of those flashpoints, each one suffused with significance for the future of U.S. global power.

        On the border with Ukraine, 100,000 Russian troops were massing with tanks and rocket launchers, ready for a possible invasion. Meanwhile, Beijing signed a $400 billion agreement with Tehran to swap infrastructure-building for Iranian oil. Such an exchange might help make that country the future rail hub of Central Asia, while projecting China’s military power into the Persian Gulf. Just across the Iranian border in Afghanistan, Taliban guerrillas swept into Kabul ending a 20-year American occupation in a frantic flurry of shuttle flights for more than 100,000 defeated Afghan allies.

      • Corresimo in Ecuador: An Interview with David Chavez

        Joe Emersberger: Could you please talk a bit about the political persecution that Correismo has been put through since 2017? What are the main cases people should know about?

        David Chavez: The case of [former Vice President] Jorge Glas is the most significant because Glas has been in prison for over 4 years now (he was convicted of illicit association) but it has not been possible to prove that he was involved in the Odebrecht case in which he was accused. But there are obviously more cases. Correa himself has about 48 court cases as far as I know. Several leaders of the movement are exiled in Mexico, some because of court cases against them, others because they were harassed by the previous government as a result of the October 2019 protests [against the elimination of fuel subsidies by decree of former President Lenin Moreno]. And there are other people who have also been sentenced in the last trial in which Correa was sentenced, the so-called “Bribery Case”, as is the case with María Duarte, the former Minister of Transportation and Public Works, who is living in the embassy of Argentina. The government has not given her safe passage to go to Argentina, whose government has granted her asylum.

      • Redistricting, Restrictions
      • Secure Our Right to Vote

        Did this new law further protect our elections when a more secure process of registering voters in person on Election Day is now banned? Why prevent Montanans from having the same access to voting rights as the previous 68,000 Montanans over the last 15 years who could register and vote on Election Day if it does not crack down on voter fraud or provide more election security?

        It is not too hard to predict who this new law will impact, like senior citizens, disabled veterans, and college students whose voter registration addresses were not updated when they moved to the assisted living centers or colleges and only learned of this error at the polling location on the day of the election. Or Montanans who are busy with work and family and forget to update their voter registration and get an hour off of work to vote on Election Day, only to find out their voter registration is not active. Do we really think having these Montanans not voting in our elections makes our elections more secure with less voter fraud?

      • Say It Ain’t So, Joe, Again

        The political system in the US is run by, and operates for, the economic elite here, just as it has since the founding of the nation in the late 18th century. Just as the founders allowed for a horrific system of slavery to become the bedrock of the economy, so does today’s racism and mass incarceration result from the same forces of the power elite. It is no cliché to say that they, the elite, run this nation for their interests as the military-industrial-financial monied class. Joe Biden is a figurehead for the elite and they, the elite, are tipping their hands more and more toward opening the door for complete corporate fascism here.

        When I wrote “Say It Ain’t So, Joe” (CounterPunch, March 20, 2019) many months before the 2020 election, I enumerated the really bad policies that Biden stood for, from kowtowing to the banking class in Delaware and beyond, to his support for immoral wars such as the war in Iraq that he wholeheartedly supported. His disgusting behavior toward Anita Hill during the Senate hearings to confirm Clarence Thomas speaks for itself.

      • “There Must Be a Moral Shift”: Bishop Barber Calls on Democrats to Pass Voting Rights, Protect Poor

        Senate Democratic leadership insists they will debate two critical voting rights bills even though Democratic Senators Joe Manchin and Kyrsten Sinema have publicly denounced their party’s plan to make changes to Senate filibuster rules that would give Democrats the votes needed to pass the landmark legislation. Meanwhile, thousands marched in support of the legislation and the necessary filibuster rule changes in Washington, D.C., on Monday, the federal holiday marking Martin Luther King Jr. Day. We speak with movement leader William Barber, co-chair of the Poor People’s Campaign, who criticizes the Democrats for bifurcating the Build Back Better economic legislation from voting rights and says movements must plan sustained, nonviolent direct action to ensure politicians pass legislation that benefits poor and low-wealth people.

      • On Eve of Key Fight, Sanders Asks: ‘Will Manchin and Sinema Vote With GOP?’

        Just hours ahead of a pivotal Senate showdown over voting rights and the legislative filibuster, Sen. Bernie Sanders on Monday focused his attention on the two primary internal obstacles to the Democratic Party’s success on both fronts: right-wing Sens. Joe Manchin and Kyrsten Sinema.

        “As the voting rights bill finally comes to the floor of the Senate, there is only one vote which will really matter,” Sanders (I-Vt.) argued in a Twitter post. “Will 50 Democrats vote to override the filibuster, protect American democracy, and pass the bill, or will Manchin and Sinema vote with the GOP and let the bill die?”

      • How Media Reports of Their Own Polls Can Mislead

        A new media poll last week by Investor’s Business Daily (1/10/22), conducted with the polling firm TIPP, announced that “Biden Approval Rating Relapses as Omicron Surges, Stock Market Slumps.”

      • Senate Dems Propose Talking Filibuster for Voting Rights

        U.S. Senate Majority Leader Chuck Schumer confirmed Tuesday evening that if Republicans continue to obstruct a long-delayed voting rights package, he will move to bring back the talking filibuster for just that legislation.

        “Now that they have found a way to open debate, under the current rules, Democrats can and must force a public debate that ends with a majority vote.”

      • WATCH LIVE: Senate Debates Voting Rights

        The U.S. Senate on Tuesday kicked off debate on voting rights legislation and moved closer to a potential floor battle over the filibuster rule, which Sens. Joe Manchin and Kyrsten Sinema have vowed to uphold despite the dire implications for U.S. democracy.

        Watch the Senate debate voting rights live:

      • If Dems Don’t Deliver on Health Care, They May Suffer in Midterms, Jayapal Warns
      • 94% of AZ Progressives Support Primary Challenge if Sinema Kills Voting Rights

        As U.S. Sen. Kyrsten Sinema continues to stymie voting rights legislation by refusing to support filibuster reform, an overwhelming majority of respondents to a Tuesday survey by Indivisible said they would back a 2024 primary challenger to the Arizona Democrat if she does not change course.

        “Since 2021, Arizonans have been calling on Sinema to eliminate the filibuster and pass democracy reform.”

      • MLK Family Blasts Manchin & Sinema for Protecting Filibuster Over Voting Rights
      • Voting Rights Cannot Be Separated From Economic Justice, Says William Barber
      • Activision Stock Gets Analyst Upgrade on “Win-Win” Microsoft Deal; Is Electronic Arts Next?

        This year is off to a quick and game-changing start for the video gaming sector. After all, it is now two weeks, two mega-deals in the space as technology giant Microsoft unveiled a $68.7 billion takeover of powerhouse Activision Blizzard on Tuesday, eight days after Take-Two Interactive’s $12.7 billion deal to acquire Zynga.

      • Federal Communications Commissioner Starks Seeks to Encourage Democratic Principles Online

        With increasing challenges to democracy around the world and citizen surveillance efforts by several international governments, as well as domestic concerns over privacy on social media platforms, Starks says private sector entities should work to set standards which promote democratic principles and privacy for citizens.

      • White House Meeting Puts Spotlight on OSS Sustainability

        A recent meeting between IT industry leaders and White House officials highlighted open source software sustainability concerns as high-profile breaches and zero-day attacks have many organizations reviewing their software supply chains.

        The White House published a statement describing, among other things, how participants had a “substantive and constructive” discussion on how to make a difference in the security of open source software while continuing to effectively engage and support the open source community.

    • Censorship/Free Speech

      • Remembering The Fight Against SOPA 10 Years Later… And What It Means For Today

        Register now for our online event featuring Rep. Zoe Lofgren »

      • Russian Artist Arrested For Giant Poop Snow Sculpture

        A Russian artist has been arrested for creating a snow sculpture in the form of a giant turd near a burial site in St. Petersburg.

        Police and local media on January 17 said that Ivan Volkov was criminally charged for desecrating the burial place of the dead when he created the 5-meter-long sculpture.

      • China’s App for Olympians Has Security Flaw, Censors Sensitive Words, Says Canadian Report

        An app mandated for use by all attendees of the Beijing 2022 Winter Olympics has a flaw that allows encryption of sensitive data to be sidestepped, a new study by Canadian researchers says. The app also censors words related to the Chinese authorities’ human rights abuses of ethnic and religious minority groups, according to the study.

        The Citizen Lab, a global security research institute at the University of Toronto’s Munk School of Global Affairs and Public Policy, published the study on Jan. 18, analyzing the app, called MY2022.

        All attendees of the Beijing Winter Olympics, including athletes, audience members, and journalists are required to install the app to attend the Games.

      • Mandatory Chinese Olympics app has ‘devastating’ encryption flaw: analyst

        WASHINGTON: An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

        The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China’s capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

    • Freedom of Information/Freedom of the Press

      • Your Man in Saughton Jail Part 1

        In fact I was only half an hour in St Leonards before being put in a police car and taken to Saughton. This was pretty well unique – the police do not conduct people to prison in Scotland. At no stage was I manacled or handled and the police officers were very friendly. Reception at Saughton prison – where prisoners are not usually admitted on a Sunday – were also very polite, even courteous. None of this is what happens to an ordinary prisoner, and gives the lie to the Scottish government’s claim that I was treated as one.

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

      • Why U.S. Robocall Hell Seemingly Never Ends

        According to the YouMail Robocall Index, there were 3.6 billion U.S. robocalls placed last December, or 115 million robocalls placed every single day. That’s 4.8 million calls placed every hour. Despite the periodic grumble, it’s wholly bizarre that we’ve just come to accept the fact that essential communications platforms have been hijacked by conmen, salesmen, and debt collectors, and we’re somehow incapable of doing anything about it.

      • Tonga undersea cable needs ‘at least’ four weeks to repair: NZ

        A key undersea cable that was destroyed in a volcano eruption in Tonga may take at least four weeks to be repaired, said New Zealand’s foreign ministry.

    • Digital Restrictions (DRM)

      • Daniel Radcliffe to Play ‘Weird Al’ Yankovic in Roku’s First Original Biopic Movie

        Colin Davis, Roku’s Head of Original Scripted Programming, added, “There clearly aren’t enough biopic movies about famous musicians and we were excited to shine a light on the incredibly true, unexaggerated story of Weird Al. This is sincerely the ultimate combination of talent, creativity, and friends, coming together to make something genuinely funny and we could not be prouder to call this film a Roku Original.”

    • Monopolies

      • New Project Launched as ‘Direct Counterweight’ to Big Tech

        The Tech Oversight Project launched Tuesday in an effort to push back against major technology companies’ lobbying on Capitol Hill and advocate for greater regulation of the industry.

        The project is beginning with a focus on federal antitrust legislation, employing a “campaign-style” strategy to fight for passage of the American Innovation and Choice Online Act (H.R. 3816/S. 2992), which would outlaw certain anti-competitive conduct by major platforms.

      • Copyrights

        • Humane Society. For the recovery of persons apparently dead by drowning. : Instituted in the year 1774

          To bring the deceased back to life, especially those taken before their time, has long been a dream of legends and myth. In the case of the “apparently drowned”, however, it is possible to perform the seemingly miraculous and restore a limp body to full animation before lethal asphyxiation occurs. Yet despite the relatively simple techniques needed to perform this operation, they have taken millennia to develop. Early representations of resuscitation are shallow in information. Some scholars point to the Battle of Kadesh, as depicted at the Egyptian Ramesseum, where the drowned Hittite Emperor is held upside down by his men; others to the Hebrew Book of Kings, where Elisha revives a dead child with his “mouth upon his mouth” as an example of artificial ventilation. The idiom “over a barrel” may point to a practice, possibly medieval in origins, for rolling an unconscious body on a cask until they cough up water (or it might equally suggest flogging). The history of modern resuscitation in Europe conjures, though did not coin, another idiom: “to blow smoke up your”. . . well, we all know where that leads. Driven by an Enlightenment humanitarianism, social reformers and physicians began addressing a leading cause of preventable expiration that had rarely been treated on a national scale — death by water.

          In the 1730s, René Antoine Ferchault de Réaumur popularized a recent discovery: the seemingly lifeless could be revived with a wealth of strategies. This “Pliny of the Eighteenth Century” (Réaumur invented a precursor to the Celsius scale, influenced methods of silk production in China, and pioneered the process of metallic tinning still used today) wrote a pamphlet titled Avis pour donner du secours à ceux que l’on croit noyez (Advice to aid those believed drowned). After debating the pros and cons of tickling the nose with feathers and filling a drowning man’s mouth with warm urine, Réaumur reveals what he believes to be the best technique: using a pipe stem to blow stimulating tobacco smoke into the intestines through the rectum. Louis XV found the pamphlet dazzling and encouraged its wide distribution. Startlingly, as Anton Serdeczny discusses in his recent book on reanimation, soon riverbanks across Europe were lined with “resuscitation kits”, as close-by as a contemporary defibrillator, which contained all the necessary supplies for giving a nicotine enema (and later, thankfully, included bellows as a substitute for breath).

        • How The SOPA Blackout Happened

          “[Historical knowledge] gives understanding of how the present world came to be, and maybe more importantly, an appreciation that everything that is, never necessarily had to be” -from “History as Freedom” —Joe Costello, longtime political organizer, writer

        • The EU Wants Its Own DNS Resolver that Can Block ‘Unlawful’ Traffic

          The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block “illegal” websites, including pirate sites.

        • ‘Criminal’ VPN Shut Down By Europol and International Law Enforcement

          Joint action by Europol and law enforcement authorities in ten countries has shut down VPNLab, a VPN service said to have been used to commit cybercrimes including malware distribution and ransomware campaigns. The service’s domain now displays a seizure banner claiming the service’s involvement in major international cyber attacks.

        • Adblocking Does Not Constitute Copyright Infringement, Court Rules

          Axel Springer has lost its copyright infringement lawsuit against Eyeo GmbH, the company behind Adblock Plus. The German publishing house, which owns the Bild and Die Welt brands, among others, claimed that adblockers interfere with the presentation of websites in browsers, thus breaching copyright. In a victory for Eyeo, the Hamburg District Court has dismissed the case.

        • Better Internet Series: Access to Information and Knowledge

          See our article introducing this series.

        • Copyright Shouldn’t Stand in the Way of Your Right to Repair

          If you bought it, you own it and you can do what you want with it. That should be the end of the story—whether we’re talking about a car, a tractor, a smartphone, a computer, or really anything you buy.

          Yet product manufacturers have chipped away for years at the very idea of ownership, using the growing presence of software on devices to make nonsense arguments about why your tinkering with the things you own violates their copyright. It’s gotten so bad that there’s a booming market for 40-year-old tractors that don’t rely on software. We’ve worked for years with advocates with the Repair Coalition, iFixit, U.S. PIRG, and countless others, to get lawmakers to make it crystal clear that people have the right to tinker with their own stuff.

          It’s working. The wind is at our backs right now. In just the past two years, the right to repair has won at the ballot box in Massachusetts, received a supportive directive from the Biden Administration, and made some gains at the Library of Congress to expand repair permissions.

When Twitter Protects Abusers and Abuse (and Twitter’s Sponsors)

Posted in Deception at 4:19 am by Dr. Roy Schestowitz

Video download link | md5sum f7809a345e8f8318dec06991dfe5b18d
Social Control by Filtering
Creative Commons Attribution-No Derivative Works 4.0

Summary: Twitter is an out-of-control censorship machine and it should be treated accordingly even by those who merely “read” or “follow” Twitter accounts; Twitter is a filter, not a news/media platform or even means of communication

TWO weeks ago I wondered aloud about ceasing to post anything in Twitter, in effect boycotting it. The upside was seen as lessening the threat of account ban (deletion of nearly a million tweets), but the downside was vacuum permitting propaganda to flourish unchallenged (e.g. lies about patents).

But yesterday it became more apparent that anything I ever wrote there (or got reposted there) can be used to sanction me, retroactively. Imagine things I said in 2009 which did “not age well”… or for that matter, imagine people showing or citing (without taking note of the date) old tweets of people bragging about meeting famous criminals, albeit only much later, well after the facts.

Twitter is a horrible place to be. Not only due to government pressure; it's about money!

The video above mentions just a subset of actions taken against me by Twitter, each for criticising one or some of IBM, FSFE/Gulag, Bill Gates, OSI/Microsoft, and dishonest critics of Wikileaks. Twitter typically sides with the reporter and only by virtue of law (in Germany at least) they’re compelled to inform me about the judgement, albeit there’s no room for an appeal, no due process, and typically no transparency at all.

Half a decade ago Daniel Nazer (EFF before moving to Mozilla) said that Twitter was forcing him to remove a tweet or be denied access to his account. Such actions have since then been ‘normalised’ and we gave one such example suppressing truth-tellers about Microsoft managers [1, 2].

For the record, I never posted in Twitter directly. I started with Identi.ca, which sent copies to Twitter some time months later (after people had convinced me not to limit myself to Identi.ca) and since about 2010 I’ve done the same through JoinDiaspora (StatusNet was flailing).

The dangers associated with Twitter became apparent much later, e.g. clickbait, ‘curated’ timelines (for “engagement”), and surveillance capitalism; the censorship in Twitter got a lot worse and a lot more obvious around 2016 (I had hardly sensed it beforehand). I wrote a lot about it back then (in my personal site) and Richard Stallman’s personal site back then said: “Roy Schestowitz reports being censored (“shadowbanned”) by Twitter for posting about Twitter censorship. This kind of censorship is not obvious to the one being censored.”

We wrote a high number of posts (over a dozen in recent weeks alone) about the subject covered in the video above. The bottom line is, Twitter has become a lot like smoking, but many who are ‘chain smokers’ still aren’t aware of the health implications (or are in deep denial about it).

IRC Proceedings: Tuesday, January 18, 2022

Posted in IRC Logs at 2:27 am by Needs Sunlight

Also available via the Gemini protocol at:

Over HTTP:

#techrights log as HTML5

#boycottnovell log as HTML5

#boycottnovell-social log as HTML5

#techbytes log as HTML5

#techrights log as text

#boycottnovell log as text

#boycottnovell-social log as text

#techbytes log as text

Enter the IRC channels now


IPFS Mirrors


Bulletin for Yesterday

Local copy | CID (IPFS): QmbAVHY5Ges1nF9HNsiNn6FsQW8UdTFHURKDG1QgSKpKw7

Links 19/1/2022: Wine 7.x Era Begins and Istio 1.12.2 is Out

Posted in News Roundup at 2:06 am by Dr. Roy Schestowitz

  • GNU/Linux

    • A note for LWN subscribers [LWN.net]

      January 22, 2022 will be the 24th anniversary of the publication of the first LWN.net Weekly Edition. A lot has happened in the intervening years; the Linux community has grown immeasurably, and LWN has grown with it. Later this year will also be the 20th anniversary of the adoption of our subscription-based model, which has sustained LWN ever since. There is a change coming for our subscribers that will, with luck, help to set up LWN to thrive in the next coming years.

      The nominal price for an LWN subscription is $7 per month, a price that has remained unchanged since 2010. That $7 buys a lot less now than it did twelve years ago. Your editor is reliably informed by the Internet that inflation in the US has been just under 28% from 2010 until the middle of 2021; that rate doesn’t include the last few months. Prices for some things, most notably health insurance in the US, have increased by rather more than that.

    • Server

      • Istio / Announcing Istio 1.12.2

        This release fixes the security vulnerability described in our January 18th post, ISTIO-SECURITY-2022-001 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.12.1 and Istio 1.12.2.

      • ISTIO-SECURITY-2022-001
    • Audiocasts/Shows

    • Applications

      • VirtualBox 6.1.32 Fixes Access to Some USB Devices on Linux Hosts, Improves Shared Clipboard

        VirtualBox 6.1.32 arrives almost two months after VirtualBox 6.1.30 to fix a bunch of bugs. For example, it fixes access to some USB devices on Linux hosts as the device class wasn’t handled correctly, fixes the wrong mouse position if guest is in text mode, fixes copying of folders from host to guest and vice versa, and fixes UNICODE handling.

        Also fixed in this release is the accidental creation of an empty debug log file when the OSS (Open Sound System) audio backend was configured, the loss of keyboard focus under rare circumstances when using the mini toolbar in full-screen mode, the link status reporting for certain Linux kernels, as well as packaging and installer regressions affecting Solaris hosts.

    • Instructionals/Technical

      • How To Install Ansible on Fedora 35 – idroot

        In this tutorial, we will show you how to install Ansible on Fedora 35. For those of you who didn’t know, Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. Ansible automates and simplifies repetitive, complex, and tedious operations. It’s a free tool written in Python.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Ansible automation tool on a Fedora 35.

      • Install PHP 8 on Ubuntu 22.04 – kifarunix.com

        In this tutorial, you will learn how to install PHP 8 on Ubuntu 22.04. PHP 8 is a major update of the PHP language. It contains many new features and optimizations including named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and improvements in the type system, error handling, and consistency.

      • How to keep your Debian updated

        A Linux OS is a collection of multiple packages interlinked in a very complex network. These packages offer all the necessary files and binaries that make up the operating system. These packages need regular updates. It may be security patches, bug fixes, or feature improvements. As such, it is critical to keep all the packages up-to-date.

      • How to install Debian 11

        Debian 11.0 was released on August 14th, 2021, with the codename Bullseye. After approximately two years of development, the Debian projects presented a stable version of Debian 11 which will be supported for the next five years. This new distribution ships with over 11294 new packages to count 59551 packages.

      • Allow/Deny SSH Access To a Particular User Or Group In Linux

        In this article we will be allowing or denying SSH access to a particular user or Group by making a few changes in SSH Configuration file.

        First, we will see how to allow or enable SSH access to a user and group. Please note that all commands given below should be run as root or sudo user.

      • 3 Linux commands to shut down the system and you will able to do it easily

        Hi Guys, In this guide, we will illustrate the difference between shutdown, poweroff, halt and reboot command in Linux.

      • Set Date and Time for Each Command You Execute in Bash History

        Hi guys, In this article, we will show you how you can configure time stamp information when each command in the history was executed to be displayed.

        All commands executed by Bash on the command line are stored in history or in a file called ~/.bash_history.

        Also you can list all of the commands executed by users on the system or a user can view the command history using the history command as shown below.

      • How to install Gitea on a fresh Ubuntu/Debian server

        Gitea is an open source, easy-to-use, self-hosted git server written in Go. It has many features like time tracking, repository branching, file logging, notifications, built-in wiki and much more. Gitea is a lightweight application, meaning that it can be run on lower spec systems too. It is a great lightweight alternative to GitLab. It’s really easy to set up and you will find most of the features that you will find in a typical source control platform. This tutorial will show you how to install Gitea on Ubuntu or Debian systems.

      • How to Install and Configure Kibana on Ubuntu 20.04 – Citizix

        Kibana is a proprietary data visualization dashboard software for Elasticsearch, whose open source successor in OpenSearch is OpenSearch Dashboards. It is a data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence use cases. It offers powerful and easy-to-use features such as histograms, line graphs, pie charts, heat maps, and built-in geospatial support. Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster — as well as the centralized hub for built-in solutions developed on the Elastic Stack.

      • How to install and Configure HAProxy load balancer on Ubuntu 20.04

        HAProxy is a free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It distributes the load among the web and application servers.

        Haproxy is popular for load balancing because of its efficiency, reliability, and low memory and CPU footprint. Load balancing is a common solution for distributing web applications horizontally across multiple hosts while providing the users with a single point of access to the service.

        It is available for install on major Linux distributions. In this guide we will learn how to install and configure HAProxy load balancer on Ubuntu 20.04.

      • How to Install an RPM File in Linux

        Did you download an RPM file, and you’re not sure what it is or what to do with it? It’s one of the file types used to install applications in Red Hat Enterprise Linux-based distributions, and we’ll show you how to use them.

      • Install PHP 7.1/7.2/7.3/7.4 on Ubuntu 22.04 – kifarunix.com

    • Wine or Emulation

      • Wine 7.0 Released with Tons of Improvements, Including a New Theme

        The new Wine 7.0 release features a year’s worth of development distilled from over 9,000 changes. The goal? To serve you a bold bouquet that’s rich in improvements, new features, and advanced capabilities.

        Now, the official release announcement is a little terse, but both the Wine mailing list announcement and the official release notes relay a lot more detail — like ‘best read with a glass of real wine and some nibbles’ detail.

      • Run Windows apps on Linux with Wine 7.0

        It used to be, people would scoff at the idea of switching to a Linux-based operating system due to a lack of software. While that is still true for some folks — especially business users — it is less of a concern these days. Why? Well, so many things are done through the web browser nowadays, lessening dependence on Windows software. For many consumers, just having the Google Chrome browser on, say, Ubuntu, is more than enough to accomplish their wants and needs. Not to mention, there are many quality Linux apps like GIMP and DaVinci Resolve.

        But OK, let’s say you really want to use a Linux-based operating system, but there’s some Windows-only software that you absolutely cannot live without. Thankfully, you may still be able to ditch Windows and upgrade to something like Fedora or Linux Mint. How? Thanks to the excellent Wine! This compatibility layer (don’t you dare call it an emulator), can sometimes enable you to run Windows software on Linux. Today, version 7.0 is released.

      • Wine 7.0 Released with Support for New GPUs, Multiple Displays, and WoW64

        After a year of development, Wine 7.0 is here to introduce lots of goodies to satisfy your Windows application and gaming needs. First of all, it brings support for the WoW64 (64-bit Windows-on-Windows) architecture to allow you to run 32-bit Windows programs inside a 64-bit Unix host process.

        On top of that, Wine 7.0 adds support for multiple displays (multi-head) to its Direct3D implementation to allow you to choose which monitor a Direct3D program will use for full-screen mode, along with display gamma adjustment using the DXGI API, and support for new GPUs.

      • WINE 7.0 released [LWN.net]

        Version 7.0 of the WINE Windows API library has been released.

      • WineHQ – News – Wine 7.0 Released

        The Wine team is proud to announce that the stable release Wine 7.0 is now available.

        This release represents a year of development effort and over 9,100 individual changes. It contains a large number of improvements that are listed in the release notes below.

      • Wine 7.0 Released With Improved Theming, New WoW64 & Much More – Phoronix

        Wine 7.0 is now officially available for enjoying Windows games and applications on Linux, macOS, and other platforms.

        Wine 7.0 serves as the annual stable release for “Wine Is Not an Emulator” for running Windows applications/games on other platforms. Wine 7.0 is the culmination of all the bi-weekly Wine 6.x(x) point releases over the past year.

    • Distributions

      • What is Void Linux and How to Install It

        Void Linux is a Linux distribution that aims to provide a powerful, yet easy-to-approach, operating system. It is designed to be both simple and stable and achieves that through the use of runit and its own lightweight package manager.

        Similar to Arch Linux, Void Linux follows a “rolling release” model and a “user-centric” approach to operating system usage. This means Void Linux is constantly updated but is also bare-bones when installed. It makes Void Linux appealing for power users who want to have a flexible operating system that they can fully understand and tinker with.

      • New Releases

        • Debian-based deepin Linux 20.4 is here and you should switch from Windows 11 today!

          Debian is a great operating system in its own right, but also, it makes for an excellent base for other Linux distributions as well. For example, Ubuntu is probably the most well-known Linux distro and it is based on Debian. There are countless other operating systems, such as Netrunner, that stand on Debian’s figurative shoulders.

          The prettiest and most exciting Debian-based operating system, however, is deepin. This Chinese-developed Linux distribution is probably the most beautiful desktop operating system on the planet; it is arguably better than both macOS and Windows 11 in the style department.

          deepin has what many consider the most beautiful and intuitive user interfaces. Today, deepin 20.4 becomes available and it uses either LTS kernel 5.10.83 or stable kernel 5.15.6. If you are running Windows 11, you should definitely consider switching now!

      • SUSE/OpenSUSE

        • GeckoLinux ROLLING Now Ships with Linux 5.16, Improved PipeWire Configuration

          GeckoLinux ROLLING is derived from the openSUSE Tumbleweed and Packman repositories, which means that it follows a rolling release model where you install once and receive updates forever. But, from time to time, the developer of this distribution generates new installation images for better hardware compatibility.

          As such, the new GeckoLinux ROLLING update is here to further improve the Calamares graphical installer to no longer create a Btrfs subvolume for the /tmp directory.

    • Devices/Embedded

      • RK3566-based PineNote E-Ink tablet ships at $399

        Pine64 launched a $399 “PineNote” tablet with 10.1-inch, E-Ink touchscreen, 4GB LPDDR4, and 128GB eMMC that runs Linux on a Rockchip RK3566. The company also recently launched the $399 PinePhone Pro and a PinePhone Keyboard and a PineDIO USB LoRa adapter.

        Pine64 announced its PineNote E-ink reader in August and launched its first developer version of its second-gen PinePhone Pro Explorer Edition smartphone in October. The company has now launched the PineNote for developers only, and recently launched a less bleeding-edge version of PinePhone Pro, which is available for the same $399 price with shipments due in late February (see farther below).

        Earlier in the month, Pine64 launched its $50 PinePhone Keyboard case, which supports both the PinePhone and PinePhone Pro. There is also a new, $15 PineDio USB LoRa Adapter that works with any USB-connected device. A $20 case model packages the adapter for use with the PinePhone or PinePhone Pro (see farther below).

      • Pine64 should re-evaluate their community priorities

        Pine64 has a really interesting idea: make cheap hardware with low margins, get it into the hands of the FOSS community, and let them come up with the software. No one has ever done this before, at least not on this scale, and it’s a really neat idea! Pine64 is doing a lot to support the FOSS community bringing up its hardware, but I’m afraid that I have to ask them to do a bit more.

        [...]

        Again, this is ordered from most to least important, but in practice, the ecosystem prioritizes them in reverse. Pine64 themselves contribute no labor to any of these focus areas, and though they provide some funding, they provide it from the bottom of this list up, putting most of it into distros and very little into the kernel, bootloaders, or telephony. This is nice, but… why fund the distros at all? Distros are not the ones getting results in these focus areas. Their job is to distribute the results of community efforts.

        Don’t get me wrong, the distros do an important job and they ought to get the funding they need, but this is just creating fragmentation in the ecosystem. As one example, we could be installing the Linux distribution of our choice on the Pinebook Pro using a standard aarch64 UEFI ISO installer, just like we do for any other laptop, if someone spent a couple of weeks upstreaming the last 6 patches to mainline Linux and put together a suitable u-Boot payload to flash on the SPI flash chip. But, instead of one working solution for everyone, we have 20+ Linux distros publishing Pine64-specific images to flash to microSD cards.

      • Open Hardware/Modding

        • Bryan Quigley: Small EInk Phone

          To be shipped with one of the main Linux phone OSes (Manjaro with KDE Plasma, etc).

        • A DIY CAD Mouse You Can Actually Build

          When you spend a lot of time on the computer doing certain more specialised tasks (no, we’re not talking about browsing cat memes on twitter) you start to think that your basic trackpad or mouse is, let’s say, lacking a certain something. We think that something may be called ‘usability’ or maybe ease-of-use? Any which way, lots of heavy CAD users gush over their favourite mouse stand-ins, and one particularly interesting class of input devices is the Space Mouse, which is essentially patented up-to-the-hilt and available only from 3DConnexion. But what about open source alternatives you can build yourselves? Enter stage left, the Orbion created by [FaqT0tum.] This simple little build combines an analog joystick with a rotary knob, with a rear button and OLED display on the front completing the user interface.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox Gets AV1 VA-API Acceleration Sorted Out

            Thanks to Red Hat developer Martin Stránský, he has managed to get the Video Acceleration API (VA-API) working for AV1 content within the Firefox web browser.

            After working on it the past month, the necessary bits have come together for supporting AV1 VA-API playback within Firefox on Linux. See the Mozilla.org BugZilla for tracking the progress on the effort. The latest AV1 activity in general for Mozilla can be tracked via hg.mozilla.org.

          • Hacks.Mozilla.Org: Contributing to MDN: Meet the Contributors [Ed: Mozilla outsourced again to Microsoft and its proprietary software; Mozilla became worthless; it’ll be history in a few years due to bad leadership]

            If you’ve ever built anything with web technologies, you’re probably familiar with MDN Web Docs. With about 13,000 pages documenting how to use programming languages such as HTML, CSS and JavaScript, the site has about 8,000 people using it at any given moment.

            MDN relies on contributors to help maintain its ever-expanding and up to date documentation. Supported by companies such as Open Web Docs, Google, w3c, Microsoft, Samsung and Igalia (to name a few), contributions also come from community members. These contributions take many different forms, from fixing issues to contributing code to helping newcomers and localizing content.

            We reached out to 4 long-time community contributors to talk about how and why they started contributing, why they kept going, and ask what advice they have for new contributors.

            [...]

            Since the end of 2020, the translation of MDN articles happens on the new GitHub-based platform.

            [...]

            Our seasoned contributors suggest starting with reporting issues and trying to fix them, following the issue trackers and getting familiarized with GitHub.

      • SaaS/Back End/Databases

        • Redis vs. MongoDB: What you need to know

          Databases are garnering a lot of popularity every day and are used by many organizations for a wide variety of use cases. Many organizations are employing innovative techniques to handle their Data storage. These companies often shift between Databases to optimize their storage and data mapping according to their business needs.

        • PostgreSQL: pgDay Paris 2022 — Schedule published

          The next edition of the popular PostgreSQL conference pgDay Paris, a PostgreSQL.Org Recognized Community Conference, will be held on March 24, 2022 in the French capital. All of the talks will be in English.

          Registration is open, and the EARLYBIRD discount is going fast so make sure you grab that while you can!

      • Content Management Systems (CMS)

        • WordPress 5.9 RC3

          The third Release Candidate (RC3) for WordPress 5.9 is here!

          Thank you to everyone who has contributed thus far toward testing and filing bugs to help make WordPress 5.9 a great release. WordPress 5.9 is slated to land in just one week—on January 25, 2022. You still have time to help! Since RC2 arrived last week, testers have found and fixed two bugs, 14 fixes from Gutenberg. There has been one additional Gutenberg fix today.

      • FSF

        • FSF expands process for associate members to nominate new members of the board

          The board of the Free Software Foundation (FSF) announced today that associate members of the FSF will be able to nominate and evaluate candidates for the nonprofit’s board of directors for the first time in the organization’s 37-year history. FSF currently has just over 5,000 associate members.

          Under new procedures adopted by the FSF board on January 17 and summarized here, the organization will proactively engage associate members with a sufficient history of association with the FSF in the recruiting process by inviting them to suggest board nominees and then research collectively those nominees’ suitability for a position on the board, including most importantly their record of commitment to free software ideals.

          The new community engagement process is a key result of a six-month consultant-led review designed to help make FSF governance and recruitment practices more transparent and participatory, while more systematically ensuring their commitment to the FSF’s values and principles.

      • Programming/Development

        • C: sigprocmask Function Usage

          You may have heard about socket programming in C. One of the socket functions is the “sigprocmask” function. This function has been usually utilized in the code to inspect or alter the signal mask of the calling function. The signal mask is a term used for a group of signals that are presently blocked and cannot be conveyed for the calling function. Such kind of signal is known as “Blocked Signals.” You can say that a process can still receive the blocked signals, but it will not be used until they are unblocked and released, i.e., raised. Until then, it will be pending. Therefore, within today’s guide, we will be discussing the use of the sigprocmask function in C programming. Let’s have a start.

          After the Ubuntu 20.04 successful login, you need to launch the shell of the Ubuntu 20.04 system first after the login. So, try out the “Ctrl+Alt+T” shortcut simply on the desktop screen. It will launch the terminal shell for you in some seconds. Make sure to update your system using the apt package of your system. After that, you have to execute the “touch” instruction along with the file name you want to generate, i.e., to create the C file via the shell. This newly created file can be found in the “home” folder of your system’s file explorer. You can try opening it with the “text” editor to create code in it. Another way to open it in the shell is using the “GNU Nano” editor using the “nano” keyword with a file name as demonstrated beneath.

        • C: sigaction function usage

          A sigaction() is a function that allows to call/observe or examine a specific action associated with a particular signal. It is thought to consider a signal and sigaction function on the same page. But in reality, it has not occurred. The signal() function does not block other signals when the current handler’s execution is under process. At the same time, the sigaction function can block other signals until the current handler has returned.

        • delegation of authority from the systems programming perspective – Ariadne’s Space

          As I have been griping on Twitter lately, about how I dislike the design of modern UNIX operating systems, an interesting conversation about object capabilities came up with the author of musl-libc. This conversation caused me to realize that systems programmers don’t really have an understanding of object capabilities, and how they can be used to achieve environments that are aligned with the principle of least authority.

          In general, I think this is largely because we’ve failed to effectively disseminate the research output in this area to the software engineering community at large — for various reasons, people complete their distributed systems degrees and go to work in decentralized finance, as unfortunately, Coinbase pays better. An unfortunate reality is that the security properties guaranteed by Web3 platforms are built around object capabilities, by necessity – the output of a transaction, which then gets consumed for another transaction, is a form of object capability. And while Web3 is largely a planet-incinerating Ponzi scheme run by grifters, object capabilities are a useful concept for building practical security into real-world systems.

          Most literature on this topic tries to describe these concepts in the framing of, say, driving a car: by default, nobody has permission to drive a given car, so it is compliant with the principle of least authority, meanwhile the car’s key can interface with the ignition, and allow the car to be driven. In this example, the car’s key is an object capability: it is an opaque object, that can be used to acquire the right to drive the car. Afterwards, they usually go on to describe the various aspects of their system without actually discussing why anybody would want this.

        • Python

        • Shell/Bash/Zsh/Ksh

          • A dog-cat-horse-turtle problem

            Sometimes the text-processing problems posted on Stack Exchange have so many solutions, it’s hard to decide which is best.

            A problem like that was posted in the “Unix & Linux” section in December 2021…

  • Leftovers

    • Threeboard: Short On Keys, Long On Documentation | Hackaday

      As peripherals go, few are hacked on more than keyboards. The layouts, the shapes, the sizes, materials, and even the question of what a keyboard is are all on the table for tinkering. In that vein, [TaylorConor] released his simplified keyboard called the threeboard on GitHub, having only three keys and replicating a full keyboard.

      We’ve covered keyboards built with chording in mind, wrapped around coffee cups, and keyboards with joysticks for added speed. So why cover this one? What makes it different? The execution is superb and is a great example to look at next time you’re making a project you want to show off. The keyboard is just three mechanical switches, two 8-bit binary displays (16 LEDs total), three status LEDs, and three LEDs showing the current layer (four layers). The detailed user’s manual explains it all. There is a reliable Atmega32U4 microcontroller and two EEPROM chips at its heart.

    • Hardware

      • Woodworking, Blinkenlites, And FFT’s Dance To The Music | Hackaday

        We all have that one project on our minds that we’d love to build if we could just find the right combination of time, energy, and knowledge to dive right in. For [Jonathan], that project was a sound sculpture that’s finally made it from concept to complete. [Jonathan] describes the sound sculpture as the culmination of a decade of learning, and in a moment you’ll understand why.

        The sculpture itself is a beautiful display of woodwork mixed with what appear to be individually addressable LED’s. The varying length of the individual enclosures evokes the idea that the sculpture is somehow involved in the sound production, which is a nice touch.

      • Add 10 GbE to your system with an M.2 2280 module

        It’s now possible to add 10GbE through an M.2 socket thanks to Innodisk EGPL-T101 M.2 2280 module based on Marvell AQtion Ethernet controller offering support for 10Gbps, 5Gbps, 2.5Gbps, 1000M, and 100M/10M LAN speeds.

        The solution is comprised of three parts with the M.2 module equipped with a heatsink to cool the Ethernet controller, a flexible high-speed coaxial cable, and a daughter board with an RJ45 connector and two threads for mounting to a chassis.

      • Keebin’ With Kristina: The One With The Tri-lingual Typewriter | Hackaday

        Isn’t it just fantastic when a project finally does what you wanted it to do in the first place? [Simon Merrett] isn’t willing to compromise when it comes to the Aerodox. His original vision for the keyboard was a wireless, ergonomic split that could easily switch between a couple of PCs. Whereas some people are more into making layout after layout, [Simon] keeps pushing forward with this same design, which is sort of a mashup between the ErgoDox and the Redox, which is itself a wireless version of the ErgoDox.

      • KiCAD 6.0: What Made It And What Didn’t | Hackaday

        I’ve been following the development of KiCAD for a number of years now, and using it as my main electronics CAD package daily for the last six years or thereabouts, so the release of KiCAD 6.0 is quite exciting to an electronics nerd like me. The release date had been pushed out a bit, as this is such a huge update, and has taken a little longer than anticipated. But, it was finally tagged and pushed out to distribution on Christmas day, with some much deserved fanfare in the usual places.

        So now is a good time to look at which features are new in KiCAD 6.0 — actually 6.0.1 is the current release at time of writing due to some bugfixes — and which features originally planned for 6.0 are now being postponed to the 7.0 roadmap and beyond.

      • Electronic Lead Screws – Not Just For Threading Anymore | Hackaday

        An electronic leadscrew is an increasingly popular project for small and mid-sized lathes. They do away with the need to swap gears in and out to achieve the proper ratio between spindle speed and tool carriage translation, and that makes threading a snap. But well-designed electronic leadscrews, like this one from [Hobby Machinist], offer so much more than just easy threading.

        The first thing that struck us about this build was the polished, professional look of it. The enclosure for the Nucleo-64 dev board sports a nice TFT display and an IP65-rated keyboard, as well as a beefy-looking jog wheel. The spindle speed is monitored by a 600 pulses-per-revolution optical encoder, and the lathe’s leadscrew is powered by a closed-loop NEMA 24 stepper. This combination allows for the basic threading operations, but the addition of a powered cross slide opens up a ton more functionality. Internal and external tapers are a few keypresses away, as are boring and turning and radius operations, both on the right and on the left. The video below shows radius-cutting operations combined to turn a sphere.

      • Ultra Cheap PCB Wrenches Make Perfect Kit Accessory | Hackaday

        Let’s make one thing abundantly clear. We do not, under any circumstances, recommend you replace your existing collection of wrenches with ones made out of PCBs. However, as creator [Ben Nyx] explains, they do make for an extremely cheap and lightweight temporary tool that would be perfect for distributing with DIY kits.

    • Integrity/Availability

      • Proprietary

        • Overcoming A Common Admin Black Hole: Linux Management [Ed: Shilling Microsoft's proprietary junk (AD) and then alleging Linux has a "black hole"]

          I’ll admit that we never “got there” from a governance standpoint with those Linux devices; a silo was predestined because we were built around Active Directory domain controllers that shunned Linux devices.

        • Security

          • White House Meeting Explores Ways to Secure Software Supply Chain

            The path forward will require collaboration from companies and organizations that consume and ship open source software, said Joe Brockmeier, Vice President Marketing & Publicity at Apache Software Foundation. “There’s no single “silver bullet” to get there, and it will take all of our organizations working together to improve the open source supply chain.”

          • CISA Adds 13 Known Exploited Vulnerabilities to Catalog | CISA

            CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

          • CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

            In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

          • Linux Lock Screen Policy Enables Consistent Device Governance

            Every operating system should have security controls deployed, and Linux is no exception. Having a lock screen policy is even more of a consideration with a remote workforce where team members could be using a local coffee shop or other unsecured locations as an “office,” which increases the odds that bad actors could obtain physical access to devices. JumpCloud has created an easy-to-deploy policy to configure lock screen settings for Linux throughout your fleet, providing consistent governance and a scalable method for a secure OS configuration.

          • Oracle Releases January 2022 Critical Patch Update

            Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    • Environment

    • Digital Restrictions (DRM)

      • SGX Deprecation Prevents PC Playback of 4K Blu-ray Discs

        This week Techspot reported that DRM-laden Ultra HD Blu-ray Discs won’t play anymore on computers using the latest Intel Core processors. You may have skimmed right past it, but the table on page 51 of the latest 12th Generation Intel Core Processor data sheet (184 page PDF) informs us that the Intel Software Guard Extensions (SGX) have been deprecated. These extensions are required for DRM processing on these discs, hence the problem. The SGX extensions were introduced with the sixth generation of Intel Core Skylake processors in 2015, the same year as Ultra HD Blu-ray, aka 4K Blu-ray. But there have been numerous vulnerabilities discovered in the intervening years. Not only Intel, but AMD has had similar issues as we wrote about in October.

Another Video IBM Does Not Want You to Watch

Posted in IBM at 1:20 am by Dr. Roy Schestowitz

Yesterday: Someone Is Very Desperate to Knock My Account Off Twitter

Hours ago: What IBM Does Not Want You to Watch

Summary: It seems very much possible that IBM (or someone close to IBM) is trying to purge me from Twitter, so let’s examine what they may be trying to distract from. As we put it 2 years ago, "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss).

01.18.22

What IBM Does Not Want You to Watch

Posted in IBM, Videos at 4:04 pm by Dr. Roy Schestowitz

Minutes ago: Someone Is Very Desperate to Knock My Account Off Twitter

Summary: Let’s ‘Streisand it’…

Good News, Bad News (and Back to Normal)

Posted in Debian, GNU/Linux at 3:50 pm by Dr. Roy Schestowitz

Video download link | md5sum 948cc5f102085cd52f4d356b486c2586
Major Incident and Recovery
Creative Commons Attribution-No Derivative Works 4.0

Summary: When many services are reliant on the integrity of a single, very tiny MicroSD card you’re only moments away from 2 days of intensive labour (recovery, investigation, migration, and further coding); we’ve learned our lessons and took advantage of this incident to upgrade the operating system, double the storage space, even improve the code slightly (for compatibility with newer systems)

THE good news is that Gemini is expanding faster than we predicted earlier this month. Lupa is now just 11 capsules short of 2,000 and yesterday we received some E-mails asking about Gemini downtime (we also got some inquiries over IRC, which means the Gemini capsule really matters to people).

So why was it down? The short story is, it was a hardware failure. Not the fault of GNU/Linux or anything like that (in fact, credit to GNU/Linux for letting us fetch another complete backup of the entire system despite the whole file system being in read-only mode). There was no panic, just frustration, and based on what we heard about MicroSD-based (for boot) systems such an error was inevitable and almost predictable. The latest backup (before the “emergency” one was initiated) had been marked only a few days old (contents at most a couple of days behind).

All the services are now back online, the operating system was replaced by Debian 11, and the machine has twice as much storage space as before, which ought to permit us to do things we didn’t even dare when space was tight. To reduce future downtime I also bought a spare disk (card actually) and will work on improving/reducing D-R time, as it’s likely that a similar incident will happen later this year or next year. These things are inherently fragile; telling people to reduce the number of write operations is almost unreasonable because what good is a system you cannot use (or program) as you wish?

Debian 11 is quite nice, but of course imperfect (perfection is an impossibility). It’s the first time I have used Debian 11 (my wife, my sister and I all use Debian 10 on our laptops) and maybe I’ll get to write some positive things about it some time later this year (once I gain more experience/s with it).

We’re hoping that tonight and tomorrow we can make up for the lost time; I hardly slept yesterday (stayed awake for about 20 hours straight, then just 4 hours of sleep) and we have a bunch of things lined up that I never managed to publish as restoring services (like IPFS and Gemini) was more pressing a task, more urgent a need.

The hardest part (to me personally) was having to go to Town for replacement components, knowing that few shops still exist (even fewer because of the pandemic) and the bigger shops are full of unmasked people who don’t respect people’s perimeter (it’s not helping that our government likes to pretend COVID-19 is just some past event).
