PCs coming this year with Microsoft's integrated Pluton security chip won't be locked down to Windows 11, and users will have the option to install Linux and turn off the feature completely.
The first PCs with Pluton chips and Windows 11 PCs were shown at CES earlier this month. Major PC chip makers, including Intel, AMD and Qualcomm, are embedding the Pluton processor inside processors as a secure hardware layer to protect PCs.
But Microsoft's invasion at the hardware level has some users - especially in the open-source community - on high alert. The concern relates to the chip being a proprietary backdoor for Microsoft to take control of PCs and tying the hardware closely to Windows 11.
AMD integrated Microsoft's Pluton in Ryzen 6000 chips, which were introduced at CES earlier this month. AMD's goal is to bring better security to PCs, but users can disable Pluton.
"AMD respects user choice and, as is typical with many other security technologies, we provide the ability for a user to enable or disable Pluton based on their preferences in our reference BIOS," an AMD spokeswoman told The Register.
Pluton is a Windows security technology, but it does not restrict Linux installation, the spokeswoman said.
"The year of Linux" kind of, sort of comes every year, wherein a few more people give it a try, and enthusiasts continue to love it. It's an OS that's gotten better for gaming and one that's made such an imprint on Windows Central that not all of us even bother much with Windows anymore.
Heck, Germany (part of it, to be specific) is taking another stab at ditching Windows for Linux. Many tiny pieces of the global pie are abandoning Windows in favor of the freedom of Linux and the cost-cutting benefits it entails. The question is, regardless of merit, does it stand any sort of chance of eclipsing Windows' PC market share in the short term or long term?
That is the tantalizing question at the kernelled core of the great Linux debate, and it's the one we reached out to analysts to hear their thoughts on.
The long time Phoronix reader, with an excellent long-term memory, may remember an odd article from back in August 2017 on buying a passively cooled computer. It tells the tale of the consumer who decided to buy a rather niche, fanless, therefore passively cooled computer.
Well, that has been my computer for four and a half years. Even though the I7-7700T the article portrayed has served me well, it did start to show age a little. Especially as of late, it will sometimes spontaneously reboot. It does so very rarely, without prior warning and seemingly unprovoked. It's a bit of a nuisance.
While I wrote that article in 2017 I had also come to learn of the existence of the Streacom DB4. The DB4, of all computer cases that allow for their innards to be passively cooled, has since always been the proverbial unattainable love to me: Stunning, exciting, exclusive and she knows it.
Have you ever wanted to do everything inside of the web browser? Well, imagine if you had an entire desktop environment inside of your web browser. Well, that's DaedelOS.
We explain SUSE Liberty Linux and contemplate why the community seems to be selecting distributions with newer kernels.
What's more refreshing than a new kernel release to start a new year? 2021 was a year with all sorts of challenges, from fighting the pandemic to deep diving complex technical problems. In case you missed it, have a look at our Year in Review for a summary of the accomplishments made by our kernel team over the last year.
With kernel 5.16 made available earlier this month, the community has once again produced a release full of great features, like improving memory management performance via folio's API and better scheduler awareness of CPU topologies that share L2/L3 caches. You can read more about these, and other highlights, over at LWN (part1, part2) and at Kernel Newbies.
More importantly, this latest release sees the culmination of two projects that had been in development for some time by our kernel team. Collaborans contributed both the new futex syscall and the new fanotify event, two new APIs which took long hours of research and cooperation with the kernel development community to come to fruition. It's great to see the hard work of our kernel experts paying off!
Perhaps, a more intriguing innovation is a new Scalable Machine Check Architecture (SMCA) of some future AMD platforms that could use different types of SMCA and therefore cores.
"Future AMD systems will have different bank type layouts between logical CPUs," wrote Yazen Ghannam, an AMD engineer. "So having a single system-wide cache of the layout won't be correct. […] Patch 1 adds new bank types and error descriptions used in future AMD systems. Patch 2 adjusts how SMCA bank information is cached."
So far, AMD has not announced a single hybrid processor that integrates different types of cores, though the company has never completely excluded such a possibility. Since AMD will have Zen 4 and Zen 4C cores next year, perhaps this is the time when the company might consider a CPU with both big and smaller cores. Alternatively, a new SMCA may indicate that Zen 4C will have a different machine check architecture than other Zen cores, which is why AMD needs to implement its support into Linux.
After weeks of hunting for the latest rumors of jekstrand’s future job prospects, I’ve finally done it: zink now supports more extensions than any other OpenGL driver in Mesa.
That’s right.
Check it on mesamatrix if you don’t believe me.
A couple days ago I merged support for the external memory extensions that I’d been putting off, and today we got sparse textures thanks to Qiang Yu at AMD doing 99% of the work to plumb the extensions through the rest of Mesa.
There’s even another sparse texture extension, which I’ve already landed all the support for in zink, that should be enabled for the upcoming release.
When it comes to OpenGL extension support, the Zink generic OpenGL-on-Vulkan implementation now has as robust coverage as core Mesa offers and what is implemented by the LLVMpipe software driver, RadeonSI Gallium3D, and the Intel i965 drivers.
Zink has already offered OpenGL 4.6 support but now after recently adding some additional extensions that aren't mandated by version 4.6, it is now on-par with the other drivers for the raw number of extensions exposed and exceeds the other drivers for non-core extensions.
Zink along with core Mesa / LLVMpipe / RadeonSI / i965 are at 160 extensions exposed while being the set of open-source drivers supporting OpenGL 4.6.
A handful of new AMD Radeon open-source GPU software releases were made today for developers.
First up, AOMP 14.0-1 is out. AOMP is AMD's downstream of LLVM/Clang targeting OpenMP offloading for Radeon GPUs. AOMP is one of several downstreams maintained at AMD and this one is all about carrying the latest Radeon OpenMP GPU offloading work until it is all upstreamed -- or in other cases, patches that are experimental or not applicable for upstreaming.
Data security and privacy have never been more critical for individuals, businesses, and organizations. However, there is no one-size-fits-all solution for data privacy. One solution is to encrypt your data, files, or disk drive.
Our article by Pulkit Chandak demonstrates some of the best ways to encrypt files in Linux. It illustrates reliable ways to encrypt files using GnuPG, ccrypt, 7-zip, VeraCrypt, and Tails OS. This article highlights more open source tools to create file vaults and encrypt and decrypt disk drives. It will also demonstrate how to create an encrypted file vault in a scenario where you do not want to encrypt your entire disk drive.
You must have dealt with text files containing duplicate lines and words. The uniq tool is your best chance in Ubuntu where text files and redundant information are involved.
In Ubuntu, the uniq command is used to show duplicate lines in a text file. If you wish to eliminate identical words or lines from a text file, this command can assist. Because the uniq command looks for unnecessary copies by matching neighbouring lines, it can only be used with sorted text files.
In this tutorial, you will learn how to remove duplicate text from text files using the uniq command. You will also learn the full capabilities and options that the uniq command provides.
In this tutorial, you will learn how to enable basic authentication on ELK stack. Elastic/ELK stack supports user authentication. This enables it to restrict access to various resources within the cluster. To access these resources when authentication is enabled, a user has to prove their identity using username/passwords or other forms of identity depending on the authentication realm enabled.
Collectd is a daemon which collects system and application performance metrics periodically and provides mechanisms to store the values in a variety of ways, in our case sending to Graphite. Collectd gathers metrics from various sources, e.g. the operating system, applications, log files and external devices, and stores this information or makes it available over the network. Those statistics can be used to monitor systems, find performance bottlenecks (i.e. performance analysis) and predict future system load (i.e. capacity planning). Or if you just want pretty graphs of your private server and are fed up with some homegrown solution you’re at the right place, too.
Grafana Loki is an open source log aggregation tool provided by the Grafana Labs. It is a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream. This reduces the workload of processing and storing logs.
Promtail is Loki’s log collector, which sends log tags to Grafana Loki for indexing.
Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network. It is an open-source utility for log processing. It permits the logging of data from different types of systems in a central repository. Rsyslog is a Syslog protocol with more extensions, features, and benefits.
Rsyslog can deliver over one million messages per second to local destinations when limited processing is applied, which makes it so powerful. By default, Linux uses the syslog daemon to record logs about how the system is running and then puts these logs into a central repository in /var/log, where we can examine and investigate them. In simple terms, everything from kernel events to user actions is logged by Linux, allowing you to see almost any action performed on your PC or servers.
so, ext4 is good for notebooks & desktops & workstations (that do regular backups on a separate, external, then disconnected medium)
is zfs “better” on/for servers?
Redmine is a free and open-source project management software and issue tracking tool. It is written using the Ruby on Rails framework and can be integrated with various version control systems. It includes a repository browser and diff viewer. It can be used to manage projects features per project wikis and forums, time tracking and role-based access control. It is cross-platform, cross-database and supports 49 languages.
In this tutorial, you will learn how to install Redmine on a Rocky Linux 8 based server.
Alphanumeric is a description of characters that are both letters and numbers. Typically you will see this term when setting a username on a website or elsewhere, when there is a restriction around the characters you are able to use. ‘1ffcs3rf1a’ is an example of an alphanumeric string.
In this video, we are looking at how to install the Vivaldi Browser on Elementary OS 6.0.
Having app shortcuts on your desktop significantly decreases the time it takes to launch an app. Here's how to add desktop shortcuts on Ubuntu.
Unlike Windows, Ubuntu doesn't automatically add desktop shortcuts for the apps you install. While this might not cause problems for experienced Linux users, those who come from Windows can find this behavior strange, provoking them to switch back to their old OS. After all, who wouldn't want the convenience of launching their apps directly from the desktop—that's what a desktop is for!
In this guide, you'll learn how to create and add application shortcuts to the Ubuntu desktop. Let's delve right into it.
Today we are looking at how to install BASTON by Txori on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
During the implementation of OpenStack workloads, a common issue is fragmentation throughout the network, causing unforeseen performance issues. Fragmentation is normally difficult to address because networks can get complex, so the path of packets can be hard to trace or predict.
Prime OS is an Android operating system for the desktop that you can use for video editing, games or other purposes. Currently, Prime OS version 2.01, which uses Android 11, has been released in Beta. I feel that this OS Update is experiencing a lot of development.
In this video, I am going to show how to install GhostBSD 22.01.12.
Rclone is a wonderful tool. It is a simple script that allows you to manage your files over a number of cloud storage providers seamlessly. It has an intuitive command line interface and a powerful set of features that, among other things, allow you to migrate data from one cloud remote to the other, combine multiple cloud remotes with one another and transparently encrypt and decrypt data. This article focuses on the last point.
Graphite is a free open-source software tool that monitors and graphs numeric time-series data such as the performance of computer systems. Graphite monitoring provides operations teams with visibility on varying levels of granularity concerning the behavior and mannerisms of the systems and applications. This leads to error detection, resolution, and continuous improvement.
Graphite stores numeric time-series data (metric, value, epoch timestamp) and renders graphs of this data on demand. A time-series is a sequence of observations taken sequentially in time. Time series analysis reveals trends and patterns associated with external factors and anomalies. With adequate graphing teams and enough time series data, it’s even possible to intuitively forecast future events.
FileZilla is a free FTP client that offers many convenient functions and is easy to use. Although it is popularly used on Windows systems, being an open-source application it is also available for Linux systems. Here we learn the commands to install FileZilla Client on Rocky Linux or AlmaLinux 8.
If you already have an FTP server, for example, on some hosting or cloud service, then easily upload and download the files using FTP/SFTP protocol with graphical clients such as FileZilla.
Apart from this, the FileZilla client also supports working with multiple FTP servers and different operating systems. FileZilla allows you to connect to an FTP server even if you use a firewall or want to use a proxy server. If desired, the connection can also be secured with SSL. Aborted downloads can also be seamlessly resumed. And if the server is busy, you can still continue your downloads thanks to the keep-alive system.
After a year of development, Wine, the software for running Windows apps on Linux, finally released a new stable 7.0 version with over 9,100 individual changes.
In Wine 7.0, most modules have been converted to PE format (Portable Executable, the Windows binary format) instead of ELF. This helps various copy protection schemes that check that the on-disk and in-memory contents of system modules are identical.
Oversteer continues to be the best way to setup and configure Steering Wheels on Linux. Oversteer 0.7.0 is out now and expands support for more wheels. Since, like a lot of other special hardware, the original manufacturer doesn't support Linux, community efforts like this are essential.
Paradox Interactive are gearing up ready for the next major update to their space strategy game Stellaris. A new opt-in Beta is available for the 3.3 Unity update.
There's still plenty of work to be done to finish the update with it still in active development, however this is your time to get in early and see what's new and report any issues. Currently some new localization strings are only in English and there's some placeholders but there's a lot of new features and reworks.
Kitsune Tails is an upcoming LGBTQ-focused retro story platformer from Kitsune Games and MidBoss, LLC. that's due out later this year. Looks great for platformer fans and it's going to have quite the voice cast.
There's what seems like a nice big mix of people getting involved with Kira Buckland (the voice of iconic NieR: Automata protagonist 2B, Street Fighter V’s Falke, and JoJo's Bizarre Adventure: Stone Ocean’s Jolyne Cujoh) plus Angela Tran (Genshin Impact, Lake, Summer in Mara), Katlyn Dannes (The Homework's Revenge: Esther in Wonderland and Square Roots), Brent Mukai (Ratchet and Clank: Rift Apart, Pokemon Masters) and more.
We are pleased to announce that Red Hat Satellite 6.10.2 is generally available as of January 19, 2022.
Red Hat Satellite is part of the Red Hat Smart Management subscription that makes it easier for enterprises to manage patching, provisioning, and subscription management of Red Hat Enterprise Linux infrastructure.
Red Hat Satellite is a powerful content management and provisioning tool that you can add to any Red Hat Enterprise Linux (RHEL) subscription with the addition of a Smart Management subscription. With Red Hat Satellite you can curate specific content across multiple lifecycle environments throughout your entire RHEL environment whether it is on-prem, in the cloud or hybrid. In fact you can use Red Hat Satellite with your market-place instances of RHEL.
In this multi-part tutorial we will cover how to provision RHEL VMs to a vSphere environment from Red Hat Satellite. We will focus on provisioning RHEL 8.3 VMs in one lifecycle environment, but you can easily adapt what you learn here to provision other RHEL versions.
In part 1, I'm documenting the steps for a simple "lab" install of Satellite 6.9. The purpose of this setup is to give you a quick hands-on experience with Satellite. The lab infrastructure is deployed to a small vSphere 6.7 lab environment with three ESXi servers that have internet access for the installation.
Red Hat with the Fedora community have been working for years now to make Cockpit very capable for a web-based interface for administering Linux servers. In addition to this year working on shifting their Anaconda installer to a web-based interface that makes use of Cockpit, from this web management portal they are wanting to make it easier to setup file sharing with NFS and Samba.
A Fedora 36 change proposal has been submitted to ship a new Cockpit module to make file sharing with Samba and NFS easier. This new module would provide a graphical web interface for provisioning and maintenance of NFS and Samba shares that can complement the existing command-line based controls for NFS and Samba servers.
Just an update on what I've been working on :) Click through to see my process and progress starting to create a web page mock-up for Fedora IoT as part of the Fedora Website Revamp!
As part of the Fedora Website Revamp, I got tasked with creating a mock-up of the Fedora IoT web page. I reference the Fedora IoT logo a lot here. I was unable to locate high quality SVGs, so I just made some quick vectors as placeholders.
My sole role at Debian alongside my teammate, aided by our mentors, is to facilitate the Node.js 16 and Webpack 5 Transitioning. What exactly does that mean?
Node.js 16, as of the time of this writing, is the active LTS release from the Node.js developers while Webpack 5 is also the current release from the Webpack developers. At Debian we have to work towards supporting these packages. Debian as an OS comes with a package manager coined Advanced Package Tool or simply APT on which command-line programs specific to Debian and its many-flavored distributions, apt, apt-get, apt-cache are based. This means before the conception of yarn and npm, the typical JavaScript developer's package managers, apt has been. Debian unlike yarn and npm, ideally only supports one version of a software at any point in time and on edge cases may have to support an extra one as noted in this chat between my mentor and a member.
Sometimes it's nice for testing purpose to have the OpenWRT userland available locally. Since there is an x86 build available one can just run it within qemu.
Arbor’s fanless, rugged “ARES-1980” runs Ubuntu or Win 10 on Intel’s 11th Gen U-series CPUs with up to 64GB DDR4, 2.5-inch SATA, triple display support, 2.5GbE, 2x GbE with PoE, 4x USB 3.2 Gen2, 4x serial, DIO, 2x M.2, and mini-PCIe.
Arbor has launched a rugged, 210 x 180 x 60mm ARES-1980 embedded PC designed for industrial and in-vehicle applications. The system, which follows earlier ARES-branded Arbor computers such as the Apollo Lake based ARES-5310, runs Ubuntu 20.04 or Windows 10 IoT on Intel’s 11th Gen Tiger Lake-U processors.
Amanda Casari is an open source scientist with the Google Open Source Programs Office where she leads Google’s research and engineering work with Project OCEAN. Open source programs offices (OSPOs) are established in organizations as a means to centralize policies, strategies, and guidance, and to ensure common practices across complex teams working on open source projects. Amanda offers some structure for any organization working with open source that is considering starting an OSPO of their own.
Today the European Parliament adopted its report on the draft Digital Services Act, the EU’s flagship proposal to improve internet health. Today’s vote is a crucial procedural step on the road to bringing the draft rules to reality, and we commend Members of Parliament for their efforts.
Do you want to contribute to the LibreOffice development, but you don’t know enough about the LibreOffice code internals? Do you want to enhance the application or fix a bug in LibreOffice, but you don’t know how to do that? LibreOffice developer community can help you not only at the beginning, but by helping you focus on the right aspect of the code. Reviewers will review your code that eventually will be part of the LibreOffice code!
For the third time now, I've asked Société de Transport de Montréal, Montreal's transit agency, for the foot traffic data of Montreal's subway. I think this has become an annual thing now :)
One of the more broadly-useful things to come out of KDE Frameworks efforts is, in my opinion, the KDE Extra CMake Modules (ECM). Since KDE software nearly-universally uses CMake as (meta-)build system, a lot of common functionality is distilled into the ECM. It makes building KDE software more consistent and generally easier. Inspired by KDE ECM, let me present ARPA2CM, a conceptually-similar set of CMake modules for a different software stack.
A new release 0.4.15 of RQuantLib arrived at CRAN earlier today, and has been uploaded to Debian as well.
QuantLib is a very comprehensive free/open-source library for quantitative finance; RQuantLib connects it to the R environment and language.
The release of RQuantLib comes four months after the previous release, and brings a minor update for the just-released QuantLib 1.2.5 version along with a few small cleanups to calendars and daycounters.
Python is one of the top programming languages in use today, and, along with JavaScript, it’s also considered as one of the easiest languages to learn.
Python is a general-purpose language that is widely used to build websites and software, automate tasks, and conduct data analysis, according to Coursera. For example, data scientists and other data professionals frequently use Python “to conduct complex statistical calculations, create data visualizations, build machine learning algorithms, manipulate and analyze data, and complete other data-related tasks.” Entry-level software developers can also leverage Python skills to improve their job prospects and earn higher salaries.
When you see something made from metal that seems like it would be impossible to manufacture, chances are good it was made with some variety of electrical discharge machining. EDM is the method of choice for hard-to-machine metals, high aspect ratio hole drilling, and precise surface finishes that let mating parts slip together with almost zero clearance. The trouble is, EDM is a bit fussy, and as a result hasn’t made many inroads to the home shop.
[Action BOX] aims to change that with a DIY wire EDM machine. In wire EDM, a fine brass wire is used as an electrode to slowly erode metal in a dielectric bath. The wire is consumable, and has to constantly move from a supply spool through the workpiece and onto a takeup spool. Most of the build shown in the video below is concerned with the wire-handling mechanism, which is prototyped from 3D-printed parts and a heck of a lot of rollers and bearings. Maintaining the proper tension on the wire is critical, so a servo-controlled brake is fitted to the drivetrain, which itself is powered by a closed-loop stepper. Tension is measured by a pair of strain gauges and Arduinos, which control the position of the shaft brake servo and the speed of the motor on the takeup spool.
Far and away the favorite entry was the Giant 555 Timer by [Rudraksha Vegad]. Every one of our judges rated it in the top five, and it took top honors twice. On its face, this is a simple “giant 555 in a box” build, but have a look under the hood. Each sub-module that makes up the 555 — comparators, flip-flop, and amplifier — are made from salvaged discrete parts in actual breadboard fashion, soldered to brass nails hammered into wood. As an end product, it’s a nice piece of woodworking, but as a process of creation, it’s a masterwork in understanding the 555 at its deepest level. We should all make one!
The Menorah555 is a simple design with some very nice tricks up its sleeve. Perhaps the cutest of which is pulling the central candle out and lighting the others with it — a trick that involves a supercapacitor and reed switches. Each of the candle lighting circuits, however, use a 555 timer both for its intended purpose of providing a timed power-on reset pulse, and another 555 is used as a simple flip-flop. It’s a slick design, and a great user interaction.
The Cyclotone Mechanical Punk Console Sequencer is a rotating tower of circuit sculpture and noisemakers. This one looks great, is amazingly well documented in the video series, and uses a billion clever little tricks along the way. The 555’s role? Each of the four levels is the classic Atari Punk Console circuit.
“LEDs improve everything.” Words to live by. Most everything that Debra Ansell of [GeekMomProjects] makes is bright, bold, and blinky. But if you’re looking for a simple string of WS2812s, you’re barking up the wrong tree. In the last few years, Debra has been making larger and more complicated assemblies, and that has meant diving into the mechanical design of modular PCBs. In the process Debra has come up with some great techniques that you’ll be able to use in your own builds, which she shared with us in a presentation during the 2021 Hackaday Remoticon.
Many embedded devices that require a setup menu will use a USB serial port which you connect to your favorite terminal emulator. But we recently encountered a generic USB knob that did setup using a text editor, like Notepad or even Vim (although that was a bit ugly). A company called iWit makes several kinds of USB knobs which end up in many such products.
Working too hard? Is that overtime making you feel like you're caught in the vice-like jaws of burnout? Well, keep on carrying on because far from negatively impacting your well-being, it might actually be good for you if you love your job.
Or so says research from the ESCP Business School by Argyro Avgoustaki, an associate professor of Management and Almudena Cañibano, an associate professor in Human Resources Management.
The crucial distinction comes from the motivation behind why individuals put in those extra hours: whether it is due to an inner desire or external pressures from the higher ups.
Google has served eviction notices to its legacy G Suite squatters: the free service will no longer be available in four months and existing users can either pay for a Google Workspace subscription or export their data and take their not particularly valuable businesses elsewhere.
"If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services," the company said in a recently revised support document. "The G Suite legacy free edition will no longer be available starting May 1, 2022."
The open source community is working on many simultaneous challenges, not the least of which is addressing vulnerabilities in the core of our projects, securing the software supply chain, and protecting it from threat actors. At the same time, community health is equally as important as the security and vitality of software code.
We need to retain talented people to work on complex problems. While we work urgently on implementing security best practices such as increasing SBOM adoption to avoid another Log4J scenario, we can’t put the health of our communities on the open source back burner, either.
Our communities are ultimately made up of people who contribute, have wants and needs, and have feelings and aspirations. So while having actionable data and metrics on the technical aspects of open source projects is key to understanding how they evolve and mature, the human experience within project communities also requires close examination.
Newly combined security outfits McAfee and FireEye have revealed a new name: "Trellix".
Readers may find the name familiar, as another tech company used the same name in the 1990s and early 2000s when it offered intranet and web published tools such as Trellix Web.
CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.
The price for software security and maintainer burnout
2022 started reminding us that software security is a problem not only for open source packages. At the same time, “how to remunerate open source maintainers?” is a question with impossibly numerous answers: we need focus to find different solutions for different problems.
Lots of security issues packed in a few weeks: December 2021 saw the Log4j package knocked down by a nasty bug. In January 2022 we witnessed an act of self-sabotation by a maintainer of two NPM packages. On New Year's Day a bug in Microsoft Exchange ruined the celebrations for many system administrators. Very different scenarios that confirm how complex and fragile our IT infrastructure is. With open source software so popular, shipped in millions of software packages, the open source communities risk becoming a punching bag for problems it cannot necessarily solve.
The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.
The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.
If you're not running any containers, you can just disable the user-namespace functionality – both companies' vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10 – and presumably other distros, too.
So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it's time to upgrade them now. That means 21.10 "Impish Indri" for the moment, until the next LTS release appears in April.
Security updates have been issued by Debian (drupal7), Fedora (kernel, libreswan, nodejs, and wireshark), openSUSE (busybox, firefox, kernel, and python-numpy), Oracle (gegl, gegl04, httpd, java-17-openjdk, kernel, kernel-container, and libreswan), Red Hat (kernel, kernel-rt, and libreswan), Slackware (wpa_supplicant), SUSE (busybox, firefox, htmldoc, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container, openstack-monasca-agent, spark, spark-kit, zookeeper, and python-numpy), and Ubuntu (curl, linux, linux-aws, linux-aws-5.11, linux-aws-5.4, linux-azure, linux-azure-5.11, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.11, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oem-5.10, linux-oem-5.13, linux-oem-5.14, linux-oracle, linux-oracle-5.11, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, openvswitch, and qtsvg-opensource-src).
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.
Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Facebook’s India HRIA (Human Rights Impact Assessment) report should be made public in line with the company’s responsibility to respect human rights, a group of 21 rights organisations demanded in a letter addressed to Miranda Simmons, Director of Human Rights at Meta.
In November last year, the Wall Street Journal reported that the company had inordinately delayed the release of the HRIA which was commissioned more than a year ago. External researchers who were involved in the report had raised concerns that Facebook was narrowing its scope, changing definitions, etc.
Facebook has come under increased scrutiny, especially in India, after whistleblowers exposed the social media platform’s inaction on hate speech, among other issues.
The British government's PR campaign to destroy popular support for end-to-end encryption on messaging platforms has kicked off, under the handle "No Place To Hide", and it's as broad as any previous attack on the safety-guaranteeing technology.
Reported by us well in advance last year, the £500k campaign aims to destroy public support for end-to-end encryption (E2EE) as part of a wider strategy.
That intends to make it easy for police workers and other public-sector snoopers to read the public's online conversations without having to get prior permission or defeat privacy protections.
Judging by videos earnestly distributed by organisations supporting it, the No Place To Hide campaign (being run by ad agency M&C Saatchi) is much wider than merely targeting Facebook Messenger as was previously thought.
One year ago, during a raging pandemic in a deeply polarized country, Joe Biden and Kamala Harris became President and Vice President of the United States. They were inaugurated only a few weeks after the attack on the U.S. Capitol, which was facilitated in part by the failure of social media platforms to deal effectively with calls for violent insurrection.
Since then, a lot has happened. We’ve been tracking key digital rights developments in our 2021 U.S. tech policy tracker, which we are now sunsetting. The upshot: While digital rights activists and whistleblowers like Frances Haugen turned a global spotlight on the need to rein in Big Tech and better protect our rights, overall the Biden-Harris administration fell short of its promise in the first year.
This blog walks you through the victories worth celebrating, and what more the administration needs to accomplish before 2024. We’re hopeful that more digital rights wins are headed our way, especially on issues that have global impact. We all deserve better.
The buzzword of the moment in the frothier portions of the technology press is inescapable: “Web 3”. This is a collective word for a new generation of decentralised online applications using blockchain technologies, and it follows on from a similar excitement in the mid-2000s surrounding so-called “Web 2” websites that broke away from the static pages of the early Internet.
It’s very evident reading up on Web 3, that there is a huge quantity of hype involved in talking about this Next Big Thing. If this were April 1st it would be tempting to pen a lengthy piece sending up the coverage, but here in January that just won’t do. Instead it’s time to peer under the hype and attempt to discern what Web 3 really is from a technology standpoint. Sure, a Web 3 application uses blockchain technology, often reported breathlessly as “the Blockchain” as though there were only one, but how? What is the real technology beneath it all?