02.14.22

Gemini version available ♊︎

Links 15/2/2022: pgAdmin 4 6.5, Kali Linux 2022.1, and KaOS Linux 2022.02

Posted in News Roundup at 8:45 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • 5 Major Developments in Desktop Linux in 2022

        Linux is an ever-evolving family of operating systems. Here are some of the desktop advancements you can expect to see in Linux in 2022.

        Linux is the dominant operating system on servers, but it’s much less well-known as a desktop operating system. Yet the Linux desktop has come a long way in the past decade, and the momentum isn’t slowing.

        Linux development happens out in the open, but unless you know where to look, it’s easy to miss. Here are several major developments happening simultaneously to keep your eyes on.

    • Audiocasts/Shows

      • Manjaro 21.2.0 GNOME Edition Quick overview #Shorts – Invidious

        A Quick overview of Manjaro 21.2.0 GNOME Edition.

      • mintCast 378 – Reaching Enlightenment – mintCast

        First up in the news, Mint 20.3 Una is released, Pipewire has a new release and Solus co-lead resigns

        In security, Ubuntu Kernel update fixes vulnerabilities and Ryzen Mobile CPU’s and Pluton Security

        In our Wanderings, Joe talks about the HPR New Year Show, Norbert watched a new series, Bill has been on the grind with cold temperatures, Nishant joined the Serenity OS team and Moss is back

      • XeroLinux. Is It Just About The Eyecandy? – Invidious

        XeroLinux is an Arch-based Linux distro that focuses heavily on eyecandy and polish. XeroLinux comes in three different desktop editions: KDE Plasma, GNOME and Xfce. Today, I’m going to take a first look at their flagship edition (KDE).

      • Stop Praising High Linux System Uptime! – Invidious

        Every so often I see people talk about how much uptime [their] linux system has and I have no idea why people praise this, a high system uptime isn’t something that should be praised in fact, you should be mocked for not updating your system for that long.

    • Kernel Space

      • Using Device Tree Overlays, example on BeagleBone boards

        The Device Tree language is a way to describe hardware that is present in a system and cannot be automatically detected. That’s the case of devices directly implemented on a System on a Chip, such as serial ports, Ethernet or Nand flash controllers. That’s also the case of devices connected to a number of buses, such as I2C and SPI, that do not provide mechanisms for dynamic enumeration and identification of devices.

        For a given CPU architecture (ARM, PowerPC, etc), such a description allows to have a unique kernel supporting many different systems with distinct Systems on a Chip. The compiled Device Tree (DTB: Device Tree Binary), passed to the kernel by the bootloader at boot time, lets the kernel know which SoC and devices to initialize. Therefore, when you create a new board, and want to use a standard GNU/Linux distribution on it, all you have to do is create a new Device Tree describing your new hardware, compile it, and boot the distribution’s kernel with it. You don’t need to recompile that kernel, at least when it supports your SoC and the devices on your board.

      • Intel software-defined silicon to debut with the next version of Linux

        Intel’s plans for software-defined silicon (SDSi) will begin to fall into place with the next version of the Linux kernel, it has emerged.

        The company has remained tight-lipped about the SDSi initiative, whereby customers will pay an additional fee to activate certain features built into their processors. Although Intel has acknowledged the existence of the scheme, it has so far offered no specifics as to which capabilities can be toggled on or off and which CPUs will be compatible.

        However, a message sent to the Linux Kernel Mailing List by a Red Hat developer has revealed Intel’s SDSi code will be incorporated into the Linux kernel “before the 5.18 merge window”, which commences at the end of March. The finalized version of Linux 5.18 is expected to land in May.

      • AMD’s Linux tweaks pave the way for USB 4 in Ryzen 6000 laptops

        AMD has made tweaks to USB 4 handling in Linux, which come on top of recent patches to ensure that USB 4 works with laptops powered by Ryzen 6000 mobile silicon.

        As you may recall, laptops with Ryzen 6000 APUs inside – otherwise known as ‘Rembrandt’ chips – are the first to support USB 4 (and therefore Thunderbolt 3, optionally) on the AMD front, with Team Red now pushing to get the software side ready for when these devices launch, and they should arrive imminently (the company has previously said Ryzen 6000 notebooks will be out at some point in February, or the first models should be, anyway).

      • Graphics Stack

        • NVIDIA fix up a Vulkan problem with the v510.54 driver release

          NVIDIA decided Linux gamers need a little love on Valentines Day so they put up a small driver release for you.

          In comparison to previous drivers, it’s not going to make any big headlines. There’s no big new features, no new Vulkan extensions or performance improvements. Instead, there’s quite an essential bug fix included.

    • Benchmarks

      • Linux Snatches Alder Lake Productivity Crown From Windows 11 | Tom’s Hardware

        The latest Kernel updates for Linux have brought some important performance optimizations for Intel Alder Lake CPU owners. When Intel’s 12th-Gen Core processors first launched in Q3 2021, they were better performers in Windows 11 (with its new scheduler) than in Linux. Now, thanks to Linux kernel improvements since Linux 5.16, the open source OS has retaken the lead with Intel’s first desktop hybrid architecture processors. Linux-centric site Phoronix ran a bevy of benchmarks looking at browsing, coding, rendering, encoding, and de/compression.

    • Applications

      • The 8 Best Apps to Transfer Files Between Android and Linux

        Need to share a file from your Linux desktop to Android, or vice versa? Check out these eight apps that let you transfer your files effortlessly.

        As an Android user who runs Linux on their desktop, you have several options for transferring files between your Android phone and Linux computer. Using a USB cable or Bluetooth are two such methods.

        However, while these methods can help you transfer files between your devices, they tend to be inefficient when you need to transfer files frequently. File transfer apps, on the other hand, are a much better option, as they facilitate quick and efficient file transfers between devices.

        Here are the best apps to transfer files between Android and Linux that you must check out.

      • Best PDF Editors to Edit PDF Documents in Linux

        The PDF file format is one of the most widely used document formats that is used to attach, transfer and download digital files thanks to its ease of use, portability, and ability to preserve all elements of a file. You can seamlessly view a PDF document across multiple devices without visual alteration of its contents.

        Occasionally, you might want to modify your PDF and maybe add text, images, fill forms, append a digital signature, and so on. In this guide, we have put together a list of PDF editors (both free and proprietary) that you can leverage to modify your PDF documents.

      • 10 Lightest Linux Apps and Programs to Speed Up an Old PC

        You could tune up a car by yanking out the engine and putting in a new one, but that’s pretty drastic. Sometimes, so is switching your Linux distribution. Sure, that’s a great way to breathe life into an aging machine—but it’s also a lot of work!

        Even if you go through that effort, it doesn’t matter if you’re using heavy applications. So if you want to lighten the load on your Linux-powered machine, these are the programs you want to run.

      • Announcing Istio 1.12.3

        This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.12.2 and Istio 1.12.3.

    • Instructionals/Technical

      • How to Use the dd Command in Linux

        dd is one of the most important commands in Linux, mostly used in backing up hard disks and partitions. When utilized correctly, dd can be a powerful tool for writing data from one partition to another and performing different tasks with files. Here we show you how to put the dd command to good use.

      • How to Set Up WordPress Multisite with OpenLiteSpeed on Ubuntu 20.04 – RoseHosting

        WordPress is a free, open-source, and one of the best content management systems around the world. It is based on PHP and uses MySQL/MariaDB as a database backend. It provides a simple and easier way to create a simple to advanced blog or website. It provides a web-based frontend to create and manage a website.

        OpenLiteSpeed is a high-performance, lightweight, open-source HTTP server edition of LiteSpeed Web Server Enterprise.

        In this guide, we will show you how to install WordPress multisite with OpenLiteSpeed on Ubuntu 20.04 server. A multisite network is a group of sites sharing the same WordPress installation and could also have the same plugins and themes.

      • How To Change Passwords in Linux | Tom’s Hardware

        Passwords are one of the most important aspects of computing. They keep our bank accounts, user profiles and computers safe (as long as we don’t reuse passwords). Just to log into our computers, most of us need a password and, for Linux, this is even more important.

        Managing passwords via the terminal is relatively simple. Users can change their own passwords and users belonging to the sudo (super user) account can administrate the passwords of other users.

        In this how-to we’ll learn the basics of passwd, a command designed to manage passwords. We will also learn a few advanced arguments for this command, arguments which will enhance its use and make our lives easier.

        These commands will work on most Linux machines. Our test PC ran Kubuntu 21.10 but you can also run through this how-to on a Raspberry Pi. All of the how-to is performed via the Terminal.

      • How to Install UVdesk Helpdesk on Ubuntu – VITUX

        UVdesk is an open-source helpdesk platform. It is designed to provide a convenient web-based helpdesk for companies that can be accessed from anywhere in the world. You can set up an account, build your own support center, and try out many different ways of interacting with customers. There are lots of features so you will not feel like you are using every function. The user interface is very easy to use, as well as being highly customizable by way of CSS or JavaScript, depending on what you would like to do.

      • How to Customize the Orange Dots in the Dock of Ubuntu 20.04 / 22.04 | UbuntuHandbook

        Ubuntu by default shows orange dots under app icons in the dock panel, indicate the apps have running windows. They are called ‘running dots‘. And, Ubuntu provides hidden settings to change the style as well as colors if you don’t like the default look and feel.

      • How to Build a Continuous Delivery/Deployment Pipeline Using Jenkins.

        In this post, you will learn how to build a Continuous Delivery using Jenkins

      • How To Install Kimai web-based time tracking application in Linux

        Kimai is a Free Time-Tracking App (open-source), With Kimai, the boring process of feeding Excel spreadsheets with your working hours is not only simplified, it also offers dozens of other exciting features that you don’t even know you’re missing so far!

        Kimai does not have to run while recording, you can even quit your browser. Your time is still recording until you stop it from any web browser that has access to your installation. It is designed to hold lots of users, but you can also use it for a single user if you want to.

      • How to install RStudio on a Chromebook

        Today we are looking at how to install RStudio on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.

      • How to install OnlyOffice on Zorin OS 16 – Invidious
      • How to deploy and test the new release of ONLYOFFICE Document Server | TechRepublic

        ONLYOFFICE is one of many options for those looking to host their own alternative to Google Workspaces. Recently ONLYOFFICE unleashed v7 of its platform, which includes exciting new features like a built-in form builder. Along with other features such as Projects, CRM, Mail, Contacts and Documents, ONLYOFFICE could be a perfect solution for those looking to bring such a tool in-house.

      • How to Use xargs to Process Piped Arguments in Linux

        If you try to pipe the output from one Linux command into another, you may run into errors where the command fails because its argument list is too long.

        Fortunately, there’s a command on Linux systems that properly formats arguments to commands. It’s called xargs and here’s how to use it.

      • Install/Enable Configure UFW Firewall on Ubuntu 22.04 – LinuxCapable

        One of the keystones of any operating system is a properly configured firewall for complete system security. Ubuntu uses IP tables; however, most users will use software that works as a front end with UFW (Uncomplicated Firewall).

        Some of the great benefits of UFW are its simplicity, user-friendly and easy-to-use command line, making it great for beginners in Linux to the most advanced power users.

        In the following tutorial, you will learn to install and set up UFW Firewall on Ubuntu 22.04 LTS Jammy Jellyfish desktop or server.

      • Install MKVToolNix 65.0.0 On Ubuntu /AlmaLinux & Fedora | Tips On UNIX

        MKVToolNix is an open-source software to create, alter and inspect Matroska files. MKVToolNix is available to end-users as a graphical and command line.

        MKVToolNix recently released a new version 65.0.0 and users are recommended to upgrade to this version, due to bug fixes and new features added to this release.

        This tutorial will be helpful for beginners to download and install MKVToolNix 65.0.0 on Ubuntu 20.04 LTS, Ubuntu 21.10, AlmaLinux 8, and Fedora 35.

      • Detecting Log4Shell with Wazuh

        This time, you will learn about Detecting Log4Shell with Wazuh

        The Apache Log4J is one of the most common logging libraries in Java, mainly used for error messages. It is part of several high valued applications including iCloud, Twitter, and Minecraft amongst others.

        Recently, a zero-day vulnerability dubbed Log4Shell with CVE CVE-2021-44228 was detected in Apache’s Log4J 2 that allows malicious actors to launch Remote Code Execution (RCE) attacks. This means that an assailant can remotely send commands to a server running vulnerable applications.

        The affected Apache Log4j 2 versions are 2.0-beta9 to 2.15.

        As a matter of fact, version 2.15.0 which was the initial fix for the vulnerability was later discovered to still be vulnerable. So it is recommended to update to version 2.16.0 which disables JNDI and completely removes %m{lookups}.

      • Linux CMP Command Explained

        The cmp command in Linux/UNIX compares two files byte by byte, allowing you to determine if they are identical or not. If a difference is detected, cmp displays the location of the first mismatch on the screen, if no difference is found, cmp displays the files are identical.

        cmp shows no message and basically returns the brief assuming the files analyzed are identical. A lot of options are available for the cmp command to be paired with to display different output, these options are explained below. Also, I am going to show you the practical uses of cmp command.

      • Flatpak on Linux: What It Is and How to Install Apps with It

        Here we will learn what is Flatpak, how to install Flatpak on Linux, and how to use the Flatpak command-line user interface to install, remove, and update Flatpak applications.

      • Convert image in .png format to .webp on Ubuntu and Ubuntu based distributions

        The webp image format has been around for quite a few years, but I only recently found out about it. The Webp image format greatly reduces the file size without losing any quality over formats such as .gif, .png and jpeg.

        Gimp on Linux already has this function to export as webp, but you can also install the cwebp package in Ubuntu or Ubuntu based distributions to convert images to the webp format using the terminal.

        With the basic command for converting one image below, you could create a bash script to take a folder of .png images or mixed images and convert these .webp format.

      • Let’s Encrypt with GnuPG easy 100%

        Public and private keys GnuPG each have a specific role when encrypting and decrypting documents. A public key may be thought of as an open safe. When a correspondent encrypts a document using a public key, that document is in the safe, the safe shut, and the combination lock spun several times. The corresponding private key is the combination that can reopen the safe and retrieve the document. In other words, only the person who holds the private key can recover a document encrypted using the associated public key. The procedure for encrypting and decrypting documents is straightforward with this mental model. If you want to encrypt a message to Alice, you encrypt it using Alice’s public key, and she decrypts it with her private key.

        Likewise, if you want to send a message, she encrypts it using your public key, and you decrypt it with your key.

        To encrypt a document, the option –encrypt is used. It would be best if you had the public keys of the intended recipients. The software expects the document’s name to encrypt as input or, if omitted, on standard input. The encrypted result is placed on standard output or specified using the option –output. The document will be compressed for additional security in addition to encrypting it.

      • Traefik for Docker Containers on Ubuntu

        This post is about Traefik for Docker Containers.

    • Games

      • GOG puts up a We Love Games Sale with lots of good deals | GamingOnLinux

        Prefer GOG over other stores for their DRM-free collection? It’s Valentines Day and of course there’s a sale. The We Love Games Sale is live until Monday, February 21st at 2 pm UTC. This sale features a number of big hitters, new releases and plenty of indie gems to look out for.

      • Building a Retro Linux Gaming Computer – Part 12: In Tremendous Pain | GamingOnLinux

        In 1998 developer Raven Software acquired the rights to Soldier of Fortune to make a video game inspired by the mercenary magazine of the same name. The plan was to make a realistic tactical shooter, with consultant John Mullins brought in to add both his insights and likeness to the project. The final result he described as “emblematic” of the real world experience, which is a generous way of putting it. Where the controversy laid was in the game’s violence.

        Soldier of Fortune was the first game to feature the GHOUL system, allowing for the depiction of damage to specific parts of the body, with your enemies reacting in graphic over the top ways. More pacific players might opt to instead just shoot the weapon from their hands, which is also made possible by GHOUL, but with your mission objectives often tied to eliminating all opponents on a map, such mercies are made just a block to your progress.

        A more salient discussion could have been had on the plot of Soldier of Fortune, steeped as it is in the doctrines of western military interventionism. It is hard to take a detached view of your actions in the game when they are taking place within the context of what were then contemporary conflicts. No matter where you stand on these issues, I think we can all agree that the cutscene where Mullins deferentially walks in on Saddam Hussein is more than a little surreal today.

      • Check out Rise of the Third Power if you love JRPG styled games | GamingOnLinux

        Rise of the Third Power is a brand new release from Stegosoft Games and DANGEN Entertainment, the same team who previously released the popular Ara Fell: Enhanced Edition.

        This was first shown off back in 2017, a throwback to the SNES era of RPGs but of course built for modern audiences with plenty of up to date convenience features thrown in. That, plus a mix of designs inspired by JRPGs and more western elements too. In the game you build up a party of up to eight unique characters, with each having their own background story, ambitions, and personalities, as they embark upon a suicide mission to prevent a war and topple the Arkadyan emperor. A blend of humour, drama and tragedy await you in a 35+ hour story-focused quest as they navigate the treacherous world of Rin.

      • Children of Morta gets online co-op in the Fellowship Sanctuary update | GamingOnLinux

        Children of Morta is easily one of the best looking pixel-art games around, and the gameplay is pretty awesome too. Now you can team up with a friend as the online co-op update is out.

        “Children of Morta is an action RPG with a rogue-lite approach to character development, where you don’t play a single character – but a whole, extraordinary family of heroes. Hack’n’slash through hordes of enemies in procedurally generated dungeons, caves and lands and lead the family of Bergsons, with all their flaws and virtues, against the forthcoming Corruption.”

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Kile: An Interactive Cross-Platform LaTeX Editor by KDE

          You can use a TeX/LaTeX editor for a variety of documents. Not just limited to scientific research, you can also add your code, start writing a book (academic/creative), or draft articles.

          An interactive solution with the option for preview, and several features, should come in handy if you regularly work with LaTeX documents.

          Kile is one such option by KDE, available for Linux and other platforms. In fact, it is one of the best LaTeX editors available for Linux, which we decided to highlight separately.

        • You Can Now Install KDE Plasma 5.24 LTS on Kubuntu 21.10, Here’s How

          Released in October 2021, Kubuntu 21.10 (Impish Indri) ships with KDE Plasma 5.22.5 as the default desktop environment. But, thanks to the Kubuntu Backports PPA effort, users were able to quickly update to the KDE Plasma 5.23 “25th Anniversary Edition” and now they can update to the latest release, KDE Plasma 5.24.

          The Kubuntu team recently announced that the Plasma 5.24 packages are now available in the Kubuntu Backports PPA repository, alongside the KDE Frameworks 5.91 and KDE Gear 21.12.2 software suites, all compiled against the Qt 5.15.2 application framework.

      • GNOME Desktop/GTK

        • Modernizing GTK’s macOS backend (again) – Zen and the Art of GNOME

          Since the early days of working on the macOS backend for GTK 4 I knew eventually we’d have to follow suit with what the major browsers were doing in terms of drawing efficiency. Using OpenGL was (while deprecated, certainly not going anywhere) fine from a performance standpoint of rendering. But it did have a few drawbacks.

          In particular, OpenGL (and Metal afaik) layers don’t have ways to damage specific regions of the GPU rendering. That means as we’d flip between front and back buffers, the compositor will re-composite the whole window. That’s rather expensive for areas that didn’t change, even when using a “scissor rect”.

          If you’re willing to go through the effort of using IOSurface, there does exist another possibility. So this past week I read up on the APIs for CALayer and IOSurface and began strapping things together. As a life-long Linux user, I must say I’m not very impressed with the macOS experience as a user or application author, but hey, it’s a thing, and I guess it matters.

        • Georges Basile Stavracas Neto: OBS Studio 27.2 on Flathub, get it while it’s hot!

          Today, OBS Studio published its 27.2 release. With this release, besides the always good to have bugfixes and improvements, there’s one change in particular that makes me super excited: this is the first release officially published to Flathub!

          Flathub joins OBS Studio’s Ubuntu PPA in the list of official builds.

          On Ubuntu, both can be installed and used without any major annoyance, since Flatpak can easily be installed there – though it would be great if Flatpak was distributed by default on Ubuntu, but oh well, such is life. For other Linux distributions, especially the ones not based on Debian, the Flathub package is probably the easiest one to install, and certainly the most complete.

        • Neil McGovern: Handing over

          In 2017, I was attending FOSDEM when GNOME announced that I was to become the new Executive Director of the Foundation. Now, nearly 5 years later, I’ve decided the timing is right for me to step back and for GNOME to start looking for its next leader. I’ve been working closely with Rob and the rest of the board to ensure that there’s an extended and smooth transition, and that GNOME can continue to go from strength to strength.

          GNOME has changed a lot in the last 5 years, and a lot has happened in that time. As a Foundation, we’ve gone from a small team of 3, to employing people to work on marketing, investment in technical frameworks, conference organisation and much more beyond. We’ve become the default desktop on all major Linux distributions. We’ve launched Flathub to help connect application developers directly to their users. We’ve dealt with patent suits, trademarks, and bylaw changes. We’ve moved our entire development platform to GitLab. We released 10 new GNOME releases, GTK 4 and GNOME 40. We’ve reset our relationships with external community partners and forged our way towards that future we all dream of – where everyone is empowered by technology they can trust.

    • Distributions

      • New Releases

        • KaOS 2022.02

          With the release of Plasma 5.24, a first for KaOS can be announced. Wayland on Plasma is in such a good shape that it now can be the default session for KaOS. For Virtualbox, this means some intervention is needed for auto-resize, upstream does not support this yet for a Wayland session, so you will need to set the desired screen resolution in Systemsettings. When you choose to use non-free Nvidia during the boot-up of the Live session, then Wayland won’t be used, for Nvidia, it is still better to use an X session.

          [...]

          Other news regarding Plasma 5.24 includes a new Configure Display Settings item. This lets you adjust your screens’ resolution, orientation, scaling, and position relative to other monitors. Desktop Panels are now easier to move around and stick to any edge you want, as you can now drag them from anywhere on their toolbar while in Edit Mode. To make critically important Plasma notifications stand out, they now come with an orange strip on the side to visually distinguish them from less urgent messages. The Task Manager’s context menus have been clarified and simplified. The Add a keyboard layout dialog has been redesigned for simplicity and ease of use. And the Cover Flip and Flip Switch effects are back, you can find them in the System Settings Window Management > Task Switcher page.
          For the other KDE parts, the latest Frameworks (5.91.0) and KDE Gear (21.12.2) are included. All built on Qt 5.15.2+.

        • KaOS Linux 2022.02 Is Out with KDE Plasma 5.24, Makes Plasma Wayland Default Session

          KaOS Linux 2022.02 comes a little over a month after KaOS Linux’s first release in 2022 and ships with the recently released KDE Plasma 5.24 LTS desktop environment, which is accompanied by the latest and greatest KDE Frameworks 5.91 and KDE Gear 21.12.2 software suites, as well as the brand-new Kalendar 1.0 app.

          With this release, KaOS Linux switches to Plasma Wayland as the default session for new installations. As you can imagine, this big move makes some changes in the distribution, such as the fact that the default media player, SMPlayer, has been replaced by Haruna as it supports Wayland.

        • Kali Linux 2022.1 Released with New “Everything” Flavor, New Tools, and a Visual Refresh

          Coming two months after Kali Linux 2021.4, the Kali Linux 2022.1 release is here with a visual refresh as the development team updated the desktop, boot splash, and login backgrounds, along with a refreshed installer theme and more consistent boot menu options to make the ethical hacking distro look more modern.

          Another major change in Kali Linux 2022.1 is the availability of a new ISO flavor called “Everything”, which apparently includes a complete Kali Linux environment with all the tools you’ll ever need for offline use. However, this image is huge in size (about 11GB) and it’s only offered as a torrent download.

        • Kali Linux 2022.1 Release (Visual Updates, Kali Everything ISOs, Legacy SSH)

          Today we are pushing out the first Kali Linux release of the new year with Kali Linux 2022.1, and just in time for Valentine’s Day! This release brings various visual updates and tweaks to existing features, and is ready to be downloaded or upgraded if you have an existing Kali Linux installation.

      • Debian Family

        • Got to boot a RPi Zero 2 W with Debian

          About a month ago, I got tired of waiting for the newest member of the Raspberry product lineup to be sold in Mexico, and I bought it from a Chinese reseller through a big online shopping platform. I paid quite a bit of premium (~US$85 instead of the advertised US$15), and got it delivered ten days later…

        • DSA-2019: Debian Security Advisory: Lovestruck Leaders

          Clients and friends have been asking a very similar question recently: what do the scandals in Debian and other free software organizations mean for me, my computers, my servers, my business?

          [....]

          Many people perceive social engineering as an attempt to gain access to confidential information, for example, successfully impersonating the queen to obtain medical records.

          Yet social engineering attacks go much further. Sophisticated attackers encourage their targets to break rules in the hope that the shared knowledge of these crimes will give the attacker an opportunity to blackmail the target. Edward Snowden revealed an unsophisticated plot to entrap a Saudi banker in Geneva by orchestrating a drink driving violation.

          Many of the attackers have a long-term view. They start by testing small rule violations and gradually lead their target deeper and deeper into the hot water.

          [...]

          Once again, we need to come back to the question that started this blog: what does it mean for the user? These social engineering attacks under the guise of diversity may not compromise any of the archive keys or add new backdoors into the code. On the other hand, when ordinary volunteers see these rorts they may lose motivation. Fixes for security bugs, like everything else in Debian, depend on the motivation of volunteers to fix them promptly. A volunteer who was treated rudely at DebConf may simply leave a bug open for an extra week. High-impact projects that never finish: see the example of FreedomBox, which still hasn’t made an official release after more than 12 years. Social engineering can play a role in all of these phenomena.

      • Canonical/Ubuntu Family

        • Slimbook & Kubuntu 18.04 – Combat report 14

          My Slimbook brings all the nerds to the yard, and they’re like. Indeed. The laptop works well. Kubuntu 18.04 proudly holds its ground. The experience is slick and modern. I often compare the looks in Plasma 5.12 to the new crop, and there’s something rather professional and yet charming in the more classic layout of this older LTS. The new releases have a bit more crayony, flatter feel, and while it isn’t bad or ugly, it feels slightly less expensive, so to speak.

          I am quite pleased. The device is fast and does every task well. There are some questions marks regarding the battery, but I don’t have more data on that just yet. The system performance remains excellent, and nothing has really changed in the past three odd years. Every reboot, the save-session feature of Plasma makes me grin. Yes, there are annoying bugs, mostly inside applications, and stubborn won’t-fix issues in the desktop itself, which are only fixed in newer versions of Plasma. But all in all, even with an odd crash and some silly errors, the general feel remains good. Thinking about it, with Windows 11 looming over the horizon, I might have to seriously rethink my day-to-day choices and go full-KDE 24/7 (except gaming, of course). So far, the Slimbook Pro2 and its Kubuntu operating system prove that this can be done with joy, elegance and efficiency. We’re done. Until the next report.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • SaaS/Back End/Databases

        • PostgreSQL: pgAdmin 4 v6.5 Released

          The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.5. This release of pgAdmin 4 includes 24 bug fixes and new features. For more details please see the release notes.

          pgAdmin is the leading Open Source graphical management tool for PostgreSQL. For more information, please see the website.

        • PostgreSQL: Ora2Pg v23.1 released

          Version 23.1 of Ora2Pg, a free and reliable tool used to migrate an Oracle database to PostgreSQL, has been officially released and is publicly available for download.

          This release fix several issues reported since past four months and adds some new major features and improvements.

      • Programming/Development

        • Introducing Buildkite integration – Octopus Deploy

          Octopus Deploy now integrates with Buildkite. Our new Buildkite plugins will allow your build agents to create and deploy releases, push build information, and run runbooks as part of a pipeline.

          This post shows you how to use the Buildkite plugins to perform various operations with Octopus Deploy as part of a pipeline in Buildkite.

          [...]

          The integration provided through our new Buildkite plugins represents our initial design and release. We plan to build additional plugins and eliminate the dependency on the Octopus CLI by providing integration through Bash scripts.

          If you’re an existing Octopus Deploy customer, check out Buildkite as part of your build pipeline. If you’re an existing Buildkite customer, check out Octopus Deploy for deployments. And if you haven’t tried either product, consider them both as part of your CI/CD pipeline.

        • Rust

          • Crates.io Index Snapshot Branches Moving | Rust Blog

            Every so often, the crates.io index’s Git history is squashed into one commit to minimize the history Cargo needs to download. When the index is squashed, we save snapshots to preserve the history of crate publishes.

            Currently, those snapshots are stored as branches in the main index Git repository. Those branches are using server resources though, as the server still has to consider their contents whenever Cargo asks for the master branch. We will be deleting the snapshot branches from this repository to ensure that all objects referenced in the master branch will only be compressed against other objects in the master branch, ensuring that the current clone behavior will be much more efficient on the server side.

  • Leftovers

    • Hardware

      • A Solari Mechanical Digital Clock Hack With A Little Extra | Hackaday

        [Alfredo Cortellini] was perusing an antique shop in Bologna, and came across a nice example of a late 1950s timepiece, in the shape of a Solari Cifra 5 slave clock, but as the shop owner warned, it could never tell the time by itself. That sounded like a challenge, and the resulting hack is a nice, respectful tweak of the internals to bring it into the modern era. Since the clock requires a single pulse-per-minute in order to track time, the simplest track often followed is to open the back, set the correct time manually by poking the appropriate levers, and then let an external circuit take over clocking it. [Alfredo] wanted autonomy, and came up with a solution to make the thing fully adjust itself automatically.

        Electronics-wise, initial prototyping was performed with a Nucleo 32 dev board and a pile of modules, before moving to a custom PCB designed in Altium Designer. An STM32G031 runs the show, with a few push buttons and a SSD1306 OLED display forming the UI.

      • This Minibike Will Land You In Hot Water | Hackaday

        The minibike is an American phenomenon which fascinates those of us from countries in which such contraptions are illegal on the road; they seem to deliver bucketloads of low-octane fun in which we are unable to participate. [HowToLou] has one, and as it’s something for use in the Great Outdoors it naturally requires some means of fixing a brew. His solution to the need for a mug of boiling water in out-of-the-way places? A gravity-fed heat exchanger for the exhaust pipe, fed from a reservoir made using an upturned bottle.

        [...]

        It may not be the most practical of water heaters, but it’s certainly a bit of fun even if it might not work with all the minibikes we’ve covered.

      • Fail Of The Week: A Bigger Hacksaw Isn’t A Better Hacksaw | Hackaday

        If we’re being honest, the main reason to buy a power tool is to avoid the pain of using one’s muscles. Oh sure, we dress it up with claims that a power tool will make us more productive, or give better results, but more often than not it’s the memory of how your forearm feels after a day of twisting a screwdriver that makes you buy a cordless driver.

        It appears that [Artisan Makes] has a high tolerance for pain, seeing how the main prep tool in his metal shop is a plain old hacksaw. So in an effort to speed up his stock prep, he turned not to a bandsaw or cutoff saw, but instead built the world’s silliest hacksaw. It’s the metalworking equivalent of the two-man bucksaws that lumberjacks used to fell trees before chainsaws came along, and at a meter and half in length, it’s about the size of one too. Modifying the frame of his trusty hacksaw was easy — he just popped the end pieces off and attached them to an extra-long piece of tube stock. Finding a 1.5-meter hacksaw blade was the main challenge; not exactly a big-box store item, that. So a section of metal-cutting bandsaw blade was modified to fit the frame, and it was off to the races.

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

        • Security

          • Security updates for Monday [LWN.net]

            Security updates have been issued by Debian (debian-edu-config, expat, minetest, pgbouncer, python2.7, samba, thunderbird, and varnish), Fedora (dotnet-build-reference-packages, dotnet3.1, dotnet6.0, hostapd, libdxfrw, librecad, mingw-expat, mingw-gdk-pixbuf, php-twig2, php-twig3, rust-afterburn, webkit2gtk3, and xstream), Mageia (bluez, firefox, libarchive, php-adodb, thunderbird, and webkit2), openSUSE (ghostscript, openexr, permissions, SDL2, and wireshark), Red Hat (firefox), Slackware (mariadb), and SUSE (busybox, ghostscript, openexr, permissions, SDL2, and wireshark).

          • Linux tops Google’s charts for fixing bugs the fastest • The Register

            The bug hunters at Google’s Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition.

            Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases. Furthermore Linux is showing consistent improvement in response times, from 32 days in 2019 to just 15 last year, and that improvement is being mirrored (mostly) across the industry.

            “In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero,” said the team’s Ryan Schoen in the report. “This is a significant acceleration from an average of about 80 days three years ago.”

            When it comes to mobile fixes Apple leads the telecoms duopoly, sorting out issues in an average of 70 days, compared to Android’s 72.

          • Does Linux need antivirus?

            Wondering if Linux users can take operating system security for granted and not worry about using anti-virus? Let’s look at the risks and what you can use to protect yourself when you’re running this popular open source OS and alternative to Windows 11.

            Linux malware has been gradually increasing over the years, with a 35% growth in Linux malware in 2021 identified by endpoint protection vendor Crowdstrike, largely affecting Internet-of-Things devices.

            But, assuming your day-to-day security practices are good and your OS is up-to-date, your Linux desktop doesn’t have a particularly great need of antivirus software. OS security updates promptly address new threats, to the point where the official position of Canonical, maker of Ubuntu Linux is that “Linux viruses are so rare that you don’t really need to worry about them at the moment.

          • Adobe Releases Security Updates for Commerce and Magento Open Source | CISA

            Adobe has released security updates to address a vulnerability affecting Adobe Commerce and Magento Open Source. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild.

          • Privacy/Surveillance

    • Monopolies

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. 2023 Will be a Pivotal Year for Techrights

    As we quickly approach the last month of the year, here's a look back at a wonderful year for Techrights (but not for the world in general) and a look at the year ahead



  2. IRC Proceedings: Friday, November 26, 2022

    IRC logs for Saturday, November 26, 2022



  3. Links 27/11/2022: EasyOS 4.5.2 and Pixel Wheels 0.24.0

    Links for the day



  4. Microsoft is the Problem, Not the Solution

    The media is doing anything it can to suppress discussion about the national or international security crisis caused by Microsoft; instead, some publishers go as far as lionising Microsoft, portraying it as the 'Jesus' of computer security



  5. GNU Emacs Pointing to Microsoft Servers With Microsoft Ads (Spying) and Other Brainwash

    An attempt to study another Gemini client resulted in a disturbing revelation; Unless something went very wrong, it seems like GNU Emacs doesn't exercise caution with users' privacy; it leaks out information to Microsoft in its Web browser mode



  6. Links 26/11/2022: Maui 2.2.1 and Wine 7.22

    Links for the day



  7. IRC Proceedings: Friday, November 25, 2022

    IRC logs for Friday, November 25, 2022



  8. Legislating Against Free Software in the United States and in Europe, Thanks to Lobbying by Microsoft et al

    There’s legislation that would discriminate against Free software, boosted by Microsoft and its creeping interests, which include the so-called ‘Linux’ Foundation (a force of corporate occupation against the GNU/Linux community and its collective interests)



  9. Unitary Patent Lobbying: Stacked UPC Panel With 250 People in Attendance Spun as “3000 Viewers Followed the Conference” (a Lie)

    Bolstering the criminal acts of António Campinos from the EPO is a supportive “conference in Brussels” which was more like staged Unified Patent Court (UPC) propaganda for lobbying purposes; Kangaroo courts are being promoted to legitimise fake European Patents, granted in violation of the European Patent Convention (EPC)



  10. [Meme] Monopolies Presumed Valid

    The EPO is trying to put patent maximalists in charge of a court it wishes to control, in effect dismantling independent auditory functions for the granting of European Patents



  11. “Bringing Teams Together” at the EPO Means Exactly the Opposite

    The European Patent Office’s (EPO) staff is complaining that the EPO's “Bringing Teams Together” or “New Management of Office Space” is basically done without consulting staff and to the detriment of staff, in effect making life miserable for those who can stop or prevent unwarranted monopolies



  12. Links 25/11/2022: Bugfixes in Linux and podlators 5.00

    Links for the day



  13. Links 25/11/2022: Uruk GNU/Linux 3.0 and Ubuntu Touch OTA-24 Released

    Links for the day



  14. Geminispace Can Graduate at 3,000 Capsules Quite Soon (2,900 This Week)

    From less than 500 capsules to 2,900 capsules in 24 months? That's how quickly Gemini is spreading.



  15. [Meme] Kiss the Ring (of the Patent Litigation Mafia)

    Patent litigation giants and their international lobbies/clients are working to create an absurd situation where the courts themselves exist in violation of constitutions, laws, and international conventions (they're also run by corporations)



  16. This Won't End Well for the UPC Lobby (Unitary Patent Profoundly Discredits the Rule of Law)

    Unified Patent Court (UPC) lobbyists may be acting jubilant and triumphant, but they're in effect dancing on the grave of the real legal system they're working to bury, replacing it with something that cannot and will not stand



  17. Taking Communications Private With Mumble (Privacy by Self-Hosting and End-to-End Encryption)

    The prospects of self-hosting for communications have improved greatly; for voice chat, Mumble is definitely worth a look



  18. IRC Proceedings: Thursday, November 24, 2022

    IRC logs for Thursday, November 24, 2022



  19. Links 24/11/2022: AudioTube Improved

    Links for the day



  20. [Meme] Judges That Break the Rules to Get Richer

    The EPO‘s latest controlled ‘judge’ is a proponent of software patents and opponent of proper due process or presumption of innocence; can they fake their way into a Unified Patent Court? It would be a breach of laws, constitutions, and conventions, dismissing any notion that the “legal industry” honours legality while tarnishing the reputation of some key institutions and governments.



  21. Klaus 'Kangaroo' Grabinski Does Not Understand Software Development 'As Such', He is a Symptom of the Patent System's Loss of Legitimacy (Acting to Curtail, Not Advance, Science)

    EPO corruption has become a major threat to the legitimacy of the German government, the German legal system, the European Union, and the European Commission because the Unified Patent Court (UPC) is advancing through the political process without consultation with actual scientists and in defiance of laws, constitutions, and conventions



  22. Links 24/11/2022: Stratis 3.4 and LibreOffice 7.4.3

    Links for the day



  23. Links 24/11/2022: OBS Studio 29.0 Beta

    Links for the day



  24. IRC Proceedings: Wednesday, November 23, 2022

    IRC logs for Wednesday, November 23, 2022



  25. Links 24/11/2022: Redox OS 0.8.0, Mozilla Turns Privacy Into Product

    Links for the day



  26. Links 23/11/2022: Proton 7.0-5 and Cockpit 280

    Links for the day



  27. Links 23/11/2022: Tor Browser 11.5.8

    Links for the day



  28. IRC Proceedings: Tuesday, November 22, 2022

    IRC logs for Tuesday, November 22, 2022



  29. Links 23/11/2022: GNU Parallel 20221122 and Proxmox VE 7.3

    Links for the day



  30. Links 22/11/2022: Alpine Linux 3.17 and Tails 5.7

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts