04.16.22

Gemini version available ♊︎

Links 16/04/2022: EasyOS 3.4.6 and LXQt 1.1.0

Posted in News Roundup at 2:12 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • 9to5LinuxLambda Launches World’s Most Powerful Ubuntu Linux Laptop for Deep Learning

        Meet Razer x Lambda Tensorbook, the world’s most powerful Ubuntu Linux laptop designed for deep learning. Powered by an Intel i7-11800 Octo-Core processor featuring up to 4.6GHz clock speeds and an NVIDIA GeForce RTX 3080 Max-Q graphics card with 16GB VRAM, the Tensorbook laptop provides ML engineers an all-in-one deep learning solution for all their needs.

        For that, the Tensorbook laptop comes with the Lambda GPU Cloud service and the full Lambda Stack, and runs Ubuntu Linux 20.04 LTS.

      • Razer X Lambda Tensorbook Powered By Ubuntu – Full Specifications & Price | Itsubuntu.com

        Razer x Lambda Tensorbook Powered By Ubuntu – Full Specifications & Price

        TENSORBOOK is a deep learning laptop from Lambda. Powered by an Intel i7-11800 Octo-Core processor, Tensorbook is the world’s most powerful Linux laptop that is powered by Ubuntu Linux. Tensorbook is an effort of Razer and Lambda to build the most powerful Linux laptop. The Razer x Lambda TensorBook is already up for sale at a starting price of $3,499. Tensorbook is 10x faster than Google Colab and 4x faster than Apple M1 Max.

      • Duncan LockUsing Windows after 15 years on Linux · duncanlock.net

        Windows is such a mess! It’s sort of shocking how much of a mess it is. Desktop Linux is often criticized for this, but Windows is much worse, somehow! It’s really inconsistent. Half of it is “new” UI and half of it is old Win32/GDI type UI – just as bad as KDE/GTK – except worse, because you can’t configure them to use the same theme. Also, when you install a Linux distribution, it’ll start off either all KDE or all GTK, or whatever – but with Windows you’re stuck with a random mix of both right from the start.

        Thankfully, there is a dark theme available – but only for “new” UI things, naturally. So as soon as you randomly stumble into some old non-themed UI, suddenly BRIGHT WHITE!

      • OS NewsUsing Windows after 15 years on Linux – OSnews

        Hint: not well.

    • Audiocasts/Shows

    • Kernel Space

      • Huawei Nova 8 SE 4G grabbing HarmonyOS 2.0.0.155 software update [Ed: They don't talk about it, but it is based on Linux apparently]

        Huawei has pushed a new software update for the Nova 8 SE 4G that comes with HarmonyOS 2.0 version 2.0.0.155 in China. The new information reveals that the latest update brings March 2022 HarmonyOS security improvements for better system security.

      • GSM ArenaHarmonyOS 3.0 coming in September, first betas to roll out next month [Ed: Apparently Linux based as it's Android/AOSP]

        The third major version of Huawei’s Harmony OS was announced in October of last year with the first Developer Preview coming out a few weeks later. However, development seems to have hit a bit of a snag, so the rollout schedule had to be pushed back.

      • 9to5GoogleOnePlus 10 Pro kernel source code publicly released – 9to5Google

        After a delayed release, the OnePlus 10 Pro is now available in global markets for eager fans to snap up. For third-party ROM developers and tinkerers, we have good news with the release of the OnePlus 10 Pro kernel source code — which is now publicly available.

      • XDAOnePlus 10 Pro kernel source code is now available

        OnePlus finally took the wraps off the global variant of the OnePlus 10 Pro, but the company slacked off a bit and did not give us the kernel sources right after the launch. If you have already managed to score one for yourself for the sake of tinkering, we have good news for you. To facilitate custom development, the Chinese OEM has now released the kernel sources for the OnePlus 10 Pro.

      • Brendan GreggNetflix End of Series 1 [Ed: Brendan Gregg quits Netflix]

        Last time I quit a job, I wanted to share publicly the reasons why I left, but I ultimately did not. I’ve since been asked many times why I resigned that job (not unlike The Prisoner) along with much speculation (none true).

    • Applications

      • Linux Links6 Best Free and Open Source GUI Emoji Pickers

        The internet has rapidly transformed the way we communicate. Since body language and verbal tone are not conveyed in text messages or e-mails, we’ve developed alternate ways to convey nuanced meaning. The most prominent change to our online style has been the addition of two new-age hieroglyphic languages: emoticons and emoji.

        Emoji originated from the smiley, which first evolved into emoticons, followed by emoji and stickers in recent years. Smiley first appeared in the 1960s and is regarded as the first expression symbols. Smiley is a yellow face with two dots for eyes and a wide grin which is printed on buttons, brooches, and t-shirts.

        An emoji is a pictogram, logogram, ideogram or smiley embedded in text and used in electronic messages and web pages. The main function of emoji is to provide emotional cues otherwise missing from typed conversation.

        Here’s our verdict captured in a legendary LinuxLinks chart. We only feature open source software here.

    • Instructionals/Technical

      • CitizixHow to install and set up Kafdrop – Kafka Web UI

        Kafdrop is a web UI for viewing Kafka topics and browsing consumer groups. The tool displays information such as brokers, topics, partitions, consumers, and lets you view messages.

        Apache Kafka is an open-source platform. Kafka was originally developed by Linkedin and was later incubated as the Apache Project. It can process over 1 million messages per second.

        Kafka is an amazing platform for processing a huge number of messages very quickly. However, Kafka has one disadvantage that it does not come with an inbuilt User Interface where the users can see the information related to Kafka.

      • H2S Media4 ways to Install Remmina on Ubuntu 22.04 LTS Jammy JellyFish

        Remmina is a well-documented remote desktop control software, here we see the command to install Remmina on Ubuntu 22.04 LTS Jammy JellyFish using the terminal.

      • H2S MediaHow to install MATLAB in Ubuntu 22.04

        Use MATLAB on Ubuntu 22.04, a technical and scientific software from Mathworks for powerful numerical calculations and professional visualization of data and results. It is a platform-independent software for solving mathematical problems and graphically displaying the results. The software package is best-known for tools for calculating and simulating complex mathematical and technical problems.

        The name MATLAB has derived from the terms MATrix LABoratory. It is software from The MathWorks for solving mathematical problems. The commercial software can be used platform-independently. Results of the numerical calculations can be displayed graphically. MATLAB’s calculations are based on matrices.

      • What is Ansible – The Ultimate Guide

        Ansible is the most widely used DevOps tool for managing changes across your cloud or data center infrastructure. In this article, you will get an overview of how Ansible works and how you can get started with it.

      • Make Use OfHow to Type Faster and Increase Your Productivity Using Espanso

        If you’re a writer, coder, or you respond to lots of emails in a day, a text expander is an indispensable program on your computer. It’s essentially a productivity tool that expands or replaces your typed text with its longer equivalent to help you type faster.

        Generally speaking, you’ll find text expansion tools of all kinds. However, Espanso proves to be one of the most promising ones of the lot, since it’s free to use and offers plenty of customization options.

      • Linux CapableHow to Install MariaDB 10.5 on Ubuntu 20.04 LTS

        MariaDB is one of the most popular open-source databases next to its originator MySQL. The original creators of MySQL developed MariaDB in response to fears that MySQL would suddenly become a paid service due to Oracle acquiring it in 2010. With its history of doing similar tactics, the developers behind MariaDB have promised to keep it open source and free from such fears as what has happened to MySQL.

        MariaDB has become just as popular as MySQL with developers, with advanced clustering with Galera Cluster 4, faster cache/indexes, storage engines, and features/extensions that you won’t find in MySQL.

        In the following tutorial, you will learn how to install MariaDB 10.5 on Ubuntu 20.04 LTS Focal Fossa using the official repository from MariaDB to give you the latest supported version of the LTS release of the database software using the command line terminal.

      • Linux CapableHow to Install Avidemux on Ubuntu 22.04 LTS

        Avidemux is a free and open-source software application for non-linear video editing and transcoding multimedia files. It is trendy as it allows a user to cut, join, split, rotate videos, adds filters, and support many file types, including AVI, DVD compatible MPEG files, MP4, and ASF, using a variety of codecs.

        In the following tutorial, you will learn how to Install the latest Avidemux on Ubuntu 22.04 LTS Jammy Jellyfish using the command line terminal and the LaunchPAD PPA by the XtraDEB team to install the latest possible version.

      • Fix Cannot Find A Valid Baseurl For Repo Base/7/x86_64 Error | Itsubuntu.com

        How To Fix “ how to fix “cannot find a valid baseurl for repo” error in CentOS

        This is the tutorial to fix “cannot find a valid baseurl for repo” error in CentOS. If you are going through the error ‘ how to fix “cannot find a valid baseurl for repo” error in CentOS Linux distribution’ while using YUM package manager then we have a solution for you.

    • Games

      • Android PoliceSteam on Chrome OS explainer dashes hopes of easy modding

        One of the most interesting things about covering Google’s technologies and products is how communicative the company can be when explaining how things work. It recently kicked off the first part of a planned series illuminating how it finagled Steam on Chromebooks. In this first high-level overview of the technologies involved, one key fact has already been detailed: Modifying games (even just to tweak configuration files) might be pretty hard, if not impossible.

      • Protocol‘You can’t really gamify compassion’: Jenova Chen on building ethical free-to-play games [Ed: If it's not free as in free software, can it still be ethical rather than monopoly?]

        Hello, and welcome to Protocol Entertainment, your guide to the business of the gaming and media industries. This Tuesday, we’re chatting with Thatgamecompany co-founder Jenova Chen about ethical game design on mobile, as well as taking a closer look at Epic’s new $2 billion funding round and its metaverse ambitions with The Lego Group.

      • Teardown: Valve Steam Deck

        The Steam Deck is not the first attempt at a handheld for PC gaming, but it does come with a pedigree and a market-friendly price.

        Since 1996, Valve has evolved from game developer (the Half-Life franchise) into being a major online market for PC games, into offering an open-hardware platform (Steam Engine) and now, fully into the console market after a flirtation with peripherals.

    • Desktop Environments/WMs

    • Distributions

      • New Releases

        • Barry KaulerEasyOS 3.4.6 released

          Easy 3.4.6 has focused on refining the user interface; in particular, there is a return of an old theme, “EasyBlue”. Some bugs fixed, otherwise mostly the same as 3.4.5, except Firefox bumped to 99.0.1 and new ‘awf’ package.

      • BSD

        • The Register UKOpenSSH takes aim at ‘capture now, decrypt later’ quantum attacks

          OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers.

          The popular open-source SSH implementation aims to provide secure communication in a potentially unsecure network environments. While version 9 is ostensibly focused on bug-fixing, there are some substantial changes lurking within that could catch the unwary, most notably, the switch from the legacy SCP/RCP protocol to SFTP by default.

          The OpenSSH group warned the change was coming earlier this year, with a deprecation notice in February’s version 8.9 release. Experimental support for transfers using the SFTP protocol as a replacement for the SCP/RCP protocol turned up in version 8.7 in August 2021 with the warning: “It is intended for SFTP to become the default transfer mode in the near future.”

          The future, it appears, has arrived (at least as far as OpenSSH is concerned) with the defaulting to SFTP, which introduces some potential incompatibilities: gone is the requirement for the “finicky and brittle quoting” used by the legacy SCP/RCP “and attempts to use it may cause transfers to fail,” according to the OpenSSH group, which added there was no intention to introduce bug-compatibility for legacy SCP/RCP when using the SFTP protocol (although the -O flag can be used to force scp to use the legacy protocol.)

        • IT WireiTWire – New OpenSSH version uses stronger key-exchange mechanism by default

          A new version of OpenSSH, an implementation of the secure shell protocol, includes a switch to a new key-exchange mechanism by default, among other changes.

          An advisory from developer Damien Miller said the new release, OpenSSH 9.0, switched scp, the secure copy tool which is part of the app, from using the legacy scp/rcp protocol to using the SFTP protocol by default.

          OpenSSH is run by the OpenBSD project which is headed by Theo de Raadt. SSH or secure shell is a program used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.

          It provides strong authentication and secure communications over insecure channels. OpenSSH is a free implementation of the program.

      • IBM/Red Hat/Fedora

        • Red Hat Summit to address the open hybrid cloud ecosystem

          Recently, Red Hat’s president and CEO, Paul Cormier spoke at length about the CIO’s paradox. On one hand, they’re expected to keep track of the latest trends in technology, but it’s another matter when it comes to actually evaluating and implementing technologies for their organisations.

      • Debian Family

        • Computer WeeklyRaspberry Pi Foundation ditches default username policy

          The Raspberry Pi Foundation, the organisation behind the wildly popular eponymous computing platform, is rolling out a small but impactful security policy update, eliminating default usernames to cut off a potential avenue for malicious actors to conduct brute-force cyber attacks.

          A brute-force attack, simply put, is a trial-and-error method of cyber attack by which a malicious actor tries all possible username and password combinations to access a system – usually using some kind of automated tool – until they hit on the right one.

        • Petter Reinholdtsen: Playing and encoding AV1 in Debian Bullseye

          Inspired by the recent news of AV1 hardware encoding support from Intel, I decided to look into the state of AV1 on Linux today. AV1 is a free and open standard as defined by Digistan without any royalty payment requirement, unlike its much used competitor encoding H.264. While looking, I came across an 5 year old question on askubuntu.com which in turn inspired me to check out how things are in Debian Stable regarding AV1. The test file listed in the question (askubuntu_test_aom.mp4) did not exist any more, so I tracked down a different set of test files on av1.webmfiles.org to test them with the various video tools I had installed on my machine.

      • Canonical/Ubuntu Family

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • PR NewswireStamus Networks Announces Availability of SELKS 7

        SELKS is a Stamus Networks contribution to the open-source community and is released, at no cost, under the GNU GPLv3 license as ISO images, Docker package, or as source code.

      • InfoQKubernetes Crosses the Chasm, and Other Lessons from the 2021 CNCF Survey
      • PR NewswireOpenMetal Joins the Open Infrastructure Foundation

        Open source software and community advocate, OpenMetal, is increasing its commitment to open source, building upon an Open Infrastructure Foundation (OIF) membership.

      • PR WebVuFind® Joins the Open Library Foundation

        By joining the Open Library Foundation, VuFind will benefit from infrastructure support including legal, operational, administrative, and financial resources. The foundation is also able to ensure that VuFind is owned by the VuFind community and is able to expand beyond the interests of any single entity.

      • Market ScreenerJD com : Explore Academy’s Qiling Framework Accepted in GSoC 2022

        The Qiling framework developed by the Shepherd Lab of JD Explore Academy has been accepted in GSoC (Google Summer of Code) 2022 after recommendation by The Honeynet Project.

        Starting from 2005, GSoC has been devoted to helping contributors find open source projects. More than 18,000 students from 112 countries, who get help from 17,000 mentors of 746 open source organizations, have written more than 40M lines of code in fields they love.

      • I ProgrammerIdentifying Europe’s Critical Open Source Software – FOSSEPS

        FOSSEPS stands for Free and Open Source Solutions for European Public Services and is an initative by the EU Commission to identify the most critical open source software used by European Public Services.

        Open Source Software powers everything, from modern servers, to IoT, to the desktops at work and is at the heart of the European Union systems too. It is so important that the European Commission’s Open Source Programme Office has decided to offer bug bounties on popular open source software as described in “European Union Will Pay For Finding Bugs In Open Source Software”.

        The issue with the bug bounty was which apps were going to be labeled as critical or important in order to allocate resources to them. This is the same problem faced by the Open Source Security Foundation in its effort to make open source software sustainable and for which the Criticality Score Project was set up. This has already led to critical OSS projects being identified, most recently with the publication of “Census II of Free and Open Source Software – Application Libraries”, as we reported last month.

      • FSF

        • GNU Projects

          • LWNGNU coreutils 9.1 released

            Version 9.1 of the GNU coreutils package has been released with lots of small tweaks and improvements. “ls no longer colors files with capabilities by default, as file-based capabilities are very rarely used, and lookup increases processing per file by about 30%. It’s best to use getcap [-r] to identify files with capabilities.”

        • Licensing/Legal

          • The HinduUnderstanding software copyright and licences

            A copyright gives a creator the legal right to own, distribute and profit from his or her creative work. Software, like any other technology has all shades of licences facilitating its use. On one end of the spectrum, there is proprietary software which is to be purchased as a one-time transaction or as yearly licences. A popular example is Microsoft Windows which is purchased along with the computer or Microsoft Office which typically has a yearly licence that has to be renewed upon payment.

            On the other hand, there are different kinds of software licences that allow free use of software. There is the Creative Commons licence (CC) which is public domain: any software or work that is in CC can be used and distributed free of cost. For example, Wikipedia is under CC and hence its contents can be used freely with the condition that attribution is made to Wikipedia (this is called ‘Creative Commons – Attribution-ShareAlike).

      • Programming/Development

  • Leftovers

    • ‘The Eagle Has Landed’ author Jack Higgins dead at 92
    • Digital PS3 Games Mysteriously Expiring – PlayStation LifeStyle

      As users are scrambling to make sense of what’s happening and why, Kotaku has found one plausible explanation: Unix epoch, which is an arbitrary date picked by early Unix engineers. A bug on the PSN backend is likely setting license expiration dates to December 31, 1969, making the games unplayable after midnight UTC on January 1, 1970.

    • Genre Awareness

      One thing I really like about The Walking Dead is that they never refer to zombie media; they instead act as if the phenomenon is wholly new. That’s an approach I’d love to see more of. The opposite is so weird in books like Kick-Ass where they are constantly reading comics. I’m reading a Stephen King book now where one of the characters is saying that The Shining isn’t a good movie.

      Sure, the self-referentiality is weird, but what bugs me more is the common trope of “This story is real, unlike all these other stories I’m gonna name now”. Not into it. Like, a Marvel hero and someone in the comic says “Oh, like Batman from the comics?“ and they reply “But unlike him I’m real” and I’m like… you guys are on the same level, quit it with this faux-Calvino nonsense, you’re only devaluing yourself by calling attention to the frame, the page, the ink.

    • Science

    • Lousy Hardware

      • Anthony Buick in Gurnee says Batteries Plus sold me a junk car key. Nothing wrong with the car. – BaronHK’s Rants

        Anthony Buick in Gurnee says Batteries Plus sold me a junk car key. Nothing wrong with the car.

        Well, that settles it.

        They’re back there cutting a real Buick key instead of this cheap Chinese nonsense that’s going on at Batteries Plus.

        Bhushan Chouhan at Batteries Plus brought the chargeback I filed on himself for selling crap and then just refusing to give me a refund and taking his garbage back.

        I’m sure the Buick dealership has something a little more sophisticated to work on my vehicle computer with than a ~$200ish cheap Windows 10 laptop with some aftermarket programming software that’s probably based on a reverse understanding of real Buick software. If that makes you nervous like it made me nervous, it should. Engine computers can be thousands of dollars if they get damaged in parts and labor, and some guy plugging the most malware-riddled PC operating system on the planet into a sophisticated machine is frightening in and of itself.

      • Vehicle security systems almost invariably annoy the owner of a car. – BaronHK’s Rants

        Yesterday, I wrote about my experience with Batteries Plus Bulbs in Gurnee, Illinois.

        The guy who runs that store is a real jerk and managed to produce a spare car key that triggers the vehicle anti-theft system and won’t start the car.

        He started it a couple of times while I was there and his laptop was plugged into the Buick, so I thought nothing of it for a few days…..good that I tried using the spare keys yesterday or I may not have known there was any trouble with them until after it was too late to file a chargeback after the owner of the store become increasingly unreasonable and then threatened to call the cops if I didn’t stay out of his store because I asked for a refund.

        While he was poking around yesterday, he managed to deauthorize my remote and now that won’t work either, so I get to call Buick today and just pay them whatever they want so that I have a spare set of keys.

        On the 2003 Impala, if you need to program a remote, you don’t need some asshole to do it for $100, and if you need a key you just use the $2 machine at Walmart and you have a car key…..or if you don’t, then at least you’re only out $2 and not $200 (key, remote, programming), and trying to get an intransigent asshole to stand behind his work.

        You can actually get a remote for the Impala for about $10. It’s all from China so you don’t need anything really special.

        [...]

        And as cars get more expensive to buy new, and fewer and fewer of the old ones still run right because Boomers don’t take care of any of their stuff, people are going to find themselves painted into a corner because of all of the computer-controlled crap on a modern car.

        I’m writing this while sitting here on my phone at the Buick dealership waiting for new keys. On the way down, the car started squealing at me, which is probably a drive pulley, so I’m waiting to hear about them from that too. It doesn’t help that that crook at Batteries Plus essentially tried ripping me off of over $200 and I’m waiting on the credit card people to process a dispute.

        The upside with the dispute is that it pokes crooked merchants in the eye whether you win or lose.

    • Health/Nutrition/Agriculture

      • NatureExperimental evidence challenges the presumed defensive function of a “slow toxin” in cycads

        \(\beta\)-methylamino-L-alanine (BMAA) is a neurotoxic non-protein amino acid found in the tissues of cycad plants. The demonstrated toxicity of BMAA to diverse organisms, including humans, is widely assumed to imply a defensive function of BMAA against herbivores; however, this hypothesis has not previously been tested in an ecologically relevant system. We investigated the effects of dietary BMAA, across a range of dosages matching and exceeding levels typically present in cycad leaves, on the feeding preferences and performance of a generalist lepidopteran herbivore (Spodoptera littoralis).We observed no effects of dietary BMAA on the survival or development of S. littoralis larvae, nor any larval preference between BMAA-laced and control diets. These findings suggest that BMAA in cycad tissues does not deter feeding by insect herbivores, raising questions about other potential physiological or ecological functions of this compound.

      • Adherence to Oral Targeted Anti-Lung Cancer Therapy: A Qualitative Interview Study
    • Integrity/Availability

      • Proprietary

        • Paul ThurrottReport: More PCs Running Windows XP, 7, and 8 Than Windows 11 [Ed: Microsoft boosters are alarmed by the failure that is Vista 11]
        • Pseudo-Open Source

          • Openwashing

            • NAB 2022: TAG Integrates Redis Within Realtime Media Performance Platform [Ed: And why a dash in "open-source"? Because it's misleading...]

              Redis serves as a pipeline that connects the levels of TAG’s platform, a 100% IP 100% software open-source solution that monitors, aggregates, manages and utilizes data-driven viewer analytics. The foundation of the RMP is TAG’s Multi-Channel Monitoring (MCM) system, that monitors every type of signal from live production through OTT delivery, providing deep monitoring for critical analysis into signal health.

            • The New StackElon Musk, Twitter, and the Weaponization of Open Source

              When we talk about “open sourcing” something, that’s a big part of it, right? We want to be able to run it ourselves. We want to be able to take the code and adapt it and tweak it to our needs, on our own servers. We want to collectively help out, fixing bugs and contributing to that codebase.

        • Security

          • ZDNetEnemybot: a new Mirai, Gafgyt hybrid botnet joins the scene | ZDNet

            A new botnet is targeting routers, Internet of Things (IoT) devices, and an array of server architectures.

          • SPRING4SHELL: THE NEW ADDITION TO THE TRENDING ZERO-DAY EXPLOITS – Kratikal Blogs
          • The Register UKSpring4Shell under active exploit by Mirai botnet herders • The Register

            There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it’s being actively exploited to run the Mirai botnet.

            Mirai is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things (IoT) devices, such as IP cameras and routers, into a botnet that can then be used in such campaigns as distributed denial-of-service (DDoS) and phishing attacks.

            The Trend Micro researchers wrote in a post that they observed the bad actors weaponizing and run Mirai malware on vulnerable servers in the Singapore region via the Spring4Shell vulnerability, tracked as CVE-2022-22965.

          • Best Ethical Hacking Tools & Software 2022 | IT Business Edge

            Hacking is the use of any tools or technology to obtain unauthorized access to or circumvent security measures of a computer system or network.

            An ethical hacker is an independent security tester who checks computer systems, networks, and programs, looking for potential vulnerabilities that an attacker could exploit. Ethical hackers use the same tools and techniques as malicious hackers; however, they do it to improve system security and uphold privacy policies and standards instead of causing damage or stealing information. Examples include penetration testing and vulnerability scanning.

          • Silcon RepublicCareer progression often lies ‘beyond your comfort zone’

            Throughout this week, we’ve heard from a variety of infosec professionals about what first drew them to security, from PwC’s Katherine Cancelado starting to learn RedHat and Debian Linux at age 12 to Nitro’s David Lenoe getting to grips with new tech during a third-party security review.

            Elly Stritch studied business information systems at University College Cork and it was here that her interest in cybersecurity began.

          • Silcon Republic‘Not everything in cybersecurity is hacking’

            Katherine Cancelado’s interest in cybersecurity was sparked when she was about 12 years old and she started learning RedHat and Debian Linux. This led her to a variety of tech communities where she learned more and shared her knowledge, and started engaging with cybersecurity without even realising it.

            “I learned so much about how to create secure and optimal configurations for different systems and applications, and this was what caused me to move towards cybersecurity as a way to make things better and not to simply make things work,” she told SiliconRepublic.com.

          • The Wall Street JournalUkraine Thwarts Cyberattack on Electric Grid, Officials Say

            Customized malware targeted not only Microsoft Corp. Windows-based systems, but also those running on common Unix platforms Linux or Solaris, Mr. Boutin said.

          • PS5 Firmware 5.02 & PS4 Firmware 9.51 released, in context of FreeBSD heap buffer overflow vulnerability. Do not update – Wololo.net

            PlayStation pushed PS5 Firmware 22.01-05.02.00 (PS5 5.02) and PS4 Firmware 9.51 yesterday. Those are your typical “improves system performance” updates, but as always, we (and several prominent members of the hacking scene) recommend you do not update your console, if you can, and if you’re expecting to Jailbreak it eventually.

          • The RecordExperts warn of concerns around Microsoft RPC bug

            Cybersecurity experts and researchers have raised alarms around a vulnerability disclosed by Microsoft Tuesday concerning Windows hosts running the Remote Procedure Call Runtime (RPC).

          • eSecurity PlanetCritical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups

            Such lateral movements are often used to escalate privileges, for example, in Active Directory.

          • Hacker NewsIs API Security on Your Radar?

            Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression.

          • CNET6 Browser Extensions to Protect You From Cyberattacks – CNET

            The first three browser extensions in this list — HTTPS Everywhere, Privacy Badger and uBlock Origin — have enjoyed some long-standing recommendations from CNET reviewers.

            The HTTPS Everywhere extension is available through a partnership between the Electronic Frontier Foundation and the TOR Project. Many websites use secure connections already, but some don’t, leaving their visitors vulnerable to threats, like having malware delivered to their device. If you’re visiting an unprotected website, HTTPS Everywhere checks to see if it offers a secure connection. If one is available, the add-on forces the site to use that connection.

          • The Register UKBackup frustration brought this CTO to forefront of ransomware protection [Ed: Ransomware is primarily a Microsoft Windows problem]

            INTERVIEW As CTO of The New York Times two decades ago, Andres Rodriguez became frustrated with the time-consuming and unreliable process of backing up massive amounts of data that was only tested when it failed.

          • IT WebArcserve enhances key ransomware defence solution
          • Pentera Labs finds new vulnerability in vCenter VMWare impacting over 500K appliances [Ed: While VMWare run viciously anti-Linux PR campaigns its own proprietary software was being breached without patches available]

            New patch issued by VMware for Information Disclosure vulnerability CVE-2022-22948 discovered by Pentera Labs’ Yuval Lazar, Senior Security Researcher.

          • The Register UKMicrosoft’s huge Patch Tuesday includes fix for bug under attack [Ed: Not just by NSA anymore?]

            Microsoft’s massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.

            In total, the Redmond giant patched over 100 bugs today, including 10 critical remote code execution (RCE) vulnerabilities.

          • Privacy/Surveillance

            • CPO MagFBI Investing Heavily in Social Media Tracking: “Predictive” Surveillance Software Raises Civil Liberties Concerns – CPO Magazine

              A recent contract between the Federal Bureau of Investigation (FBI) and the Babel X software firm is raising some privacy and mass surveillance concerns. The software is used for keyword-based social media tracking and advertises a “predictive analytics” feature, leading to natural questions about its potential use for profiling and the monitoring of Americans not under suspicion or investigation of a crime.

            • ProtocolTop House lawmakers want ID.me to turn over government business records [Ed: Microsoft does worse surveillance and even commits incredible crimes, which some whistleblowers report; why does the US government let Microsoft get away with it? Bribes, infiltration, and top-level corruption?]

              Two top Democratic House lawmakers want ID.me to produce extensive records about its government business and accuracy following outrage about the IRS’ use of the company’s facial-recognition systems.

              Rep. Carolyn Maloney, who chairs the Oversight Committee, issued the extensive requests in a letter with Rep. Jim Clyburn, who chairs a subcommittee on COVID-19 and is the No. 3 Democrat in the House. The letter said the two lawmakers’ panels had “serious concerns about the efficacy, privacy, and security of ID.me’s technology … being used to verify the identities of millions of Americans seeking to access essential government services.”

            • TribGrowth in surveillance technology pits law enforcement against privacy concerns | TribLIVE.com

              When Greensburg police charged two men with a downtown shooting outside The Rialto bar, in which a bystander was wounded in late January, video footage helped investigators identify one of the suspects.

              “Without the surveillance video, that may not have been the outcome,” police Chief Shawn Denning said. “With the surveillance cameras outside the courthouse and The Rialto, we were able to get that whole shooting on video.”

              Greensburg doesn’t have a dedicated system of surveillance cameras, but the Westmoreland County Housing Authority recently provided the city access to cameras at Eastmont Estates apartments.

              “There are several high-quality cameras there,” Denning said. “We did have a (previous) shooting up there, so those cameras would have been extremely beneficial for us to have.

            • ProtocolFight for the Future urges Zoom to ditch controversial emotion AI [Ed: "HEY HI" as euphemism for surveillance]

              The advocacy group wants Zoom to halt its consideration of controversial “emotion AI” technology in its services, which was first reported by Protocol.

    • Defence/Aggression

      • New York TimesOpinion | Free Advice for Putin: ‘Make Peace, You Fool’
      • foss – vanitasvitae’s blog: Peace at any cost?

        Peace is universally a good thing. War on the other hand is universally bad.

        At least that was my idealistic view for my entire life. For that reason I was under the impression, that being part of the peace-movement was obvious. Of course I am for peace and against war!

        Therefore it was shocking to me that today I did not feel comfortable attending the “Ostermarsch” in Münster. The Ostermarsch is a traditional peace-protest all across Germany. Many people protest for peace and against war.

        But this time it was different. A woman handed me a paper on which some party was demanding immediate stop of weapon deliveries to the Ukraine. The paper also called for and end of the sanctions against Russia and the acknowledgement of Luhansk, Donezk and the Krim regions as independent states.

    • Finance

      • The Register UKWiki community votes to stop accepting crypto donations • The Register

        The wiki community held a vote as to whether the Wikimedia Foundation should continue to accept cryptocurrency donations, the result of which was a resounding “no”.

        The proposal was made by Wikipedia administrator, checkuser and oversighter GorillaWarfare based on three points: it could be seen as an endorsement of cryptocurrency by the organization; the tech is not environmentally sustainable; and, last of all, accepting crypto could damage the reputation of the foundation.

    • AstroTurf/Lobbying/Politics

      • Free speech, vs itself

        Paludan isn’t just burning some paper. He is advocating that every one whose parents were born outside of a country that neighbors Denmark should be forcefully deported. (That would include me and many of my friends.)

        “We should consider incitement to intolerance and persecution as criminal”, Popper says. Maybe there’s something to that.

        When Rushdie was being persecuted, people rightfully recognized that the death decrees issued on him was not protected speech. So obviously there are speech acts that aren’t tolerated. But as soon as it’s Rasmus Paludan or Flemming Rose, it’s “just go ahead, boys, this is what a democracy is all about”. I’m not onboard with that.

    • Civil Rights/Policing

    • Internet/Gemini

      • DataCenter DynamicsUS Treasury exempts Internet communication providers from Russia sanctions

        The US Treasury has exempted the provision of Internet communication services from US sanctions against Russia.

        The move was welcomed by human rights and open access groups.

      • Re: Stepping away from Gemini

        Atom feeds are a good analogy. I currently read most of my favorite writers (like the wonderful Web3 is going great) through Atom, or through epub, but that doesn’t mean that I should’ve put my Atom feed on hold back when I went through a patch of not reading Atom as much.

        Gemini is just another format and I might as well keep it up. I’m lucky, since I’ve set up my system so that I can easily make gem-only posts (like this one♥), web-only posts, and posts that are on both.

        Now, this “it’a just another format” view is sort of a vindication of my perspective that Gemini didn’t simplify the web, it just added another protocol and format on top of the already huge pile of specs; it made the web more complex, not less. Drew concedes (for now) that he still uses https.

      • Stepping away from Gemini

        I’m going to wind down my gemlog. I’m not going to take it offline, but I am going to stop writing content for it.

        I have enjoyed writing on my gemlog, especially about things which aren’t necessarily a good fit for my HTTP blog. I definitely got over the idea of dual-publishing; I prefer to keep the two mediums mostly separate now. Things like short stories, anime reviews, and other off-color content have been a good fit for my Gemini posts. It’s nice to have a space for that, and I will miss it.

        [...]

        I may return as Gemini continues to grow and a greater variety of content is available to peruse.

      • Thanks for your commitment to Gemini, Drew!

        Thanks Drew for spreading the word, creating magnificient tools, content, and offering hosting! Hope to see you around another day. Cheers!

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. When a Company Simply Refuses to Talk to Technical and Exerienced Staff Through Internal Avenues

    When companies behave like monarchies where staff has no role at all in decision-making and decisions are made in violation of those companies’ tenets (or mission statements) it is inevitable that staff will issue concerns, first internally and — failing that — in other channels



  2. [Meme] Kings Instead of Open Consultation Among Peers

    In Sirius there’s no room for debate, even among half a dozen or so technical colleagues; decisions are made in the dark by a tightly-knit cabal (with rather childish superhero cartoons as their avatars) and then imposed on everybody else (hardly democratic, not sane)



  3. Sirius Open Source: The Home of Stress and Bullying by Management

    Part 3 of a report regarding Sirius Open Source, which is imploding after bad judgement and misuse of power against employees



  4. Links 04/12/2022: Fosshost Shudown and OpenIndiana Hipster 2022.10

    Links for the day



  5. Links 03/12/2022: pgAdmin 4 Version 6.17

    Links for the day



  6. IRC Proceedings: Saturday, December 03, 2022

    IRC logs for Saturday, December 03, 2022



  7. Office Manager in Company Without an Office

    Imagine having an “Office Manager” in a company that does not even have an office. Welcome to corporate posturing.



  8. Dishonest Companies Disguised as 'Open Source' (After Abandoning It)

    A deeper look at the way Sirius Open Source presents itself to the public (including prospective and existing clients); This is clearly not the company that I joined nearly 12 years ago



  9. When the Founder of Your Company Supports Donald Trump the Company Ends up Active in Fascist Platforms

    Politics weren’t allowed in Sirius ‘Open Source’, but there were exceptions for some people (close to management) and it didn’t look good



  10. [Meme] Sirius Actually Used to Promote Free/Libre and Open Source Software

    Before people who reject Free/Libre and Open Source software were put in charge of Sirius ‘Open Source’ concrete steps had been taken to support the wider community (or the suppliers, who were mostly volunteers)



  11. Sirius 'Open Source' When It Actually Understood and Respected Software Freedom

    The company my wife and I joined was (at the time) still Free software-centric and reasonably friendly towards staff; today we examine Sirius of a decade ago



  12. Links 03/12/2022: 4MLinux 41, GNOME E-mail System Melting Down

    Links for the day



  13. Links 03/12/2022: KDE Report and Canonical Lying to Staff

    Links for the day



  14. Sirius 'Open Source' Lists 49 Firms/Organisations as Clients But Only 4 of Them Currently Are

    Sirius Open Source is nowhere as popular as it wants people to think



  15. Sirius 'Open Source' Lists 15 People as Staff, But Only 6 Work in the Company

    Sirius Open Source is nowhere as big as it wants people to believe (like it is a trans-Atlantic thriving firm, the “Sirius Group”)



  16. Storm Brewing Over the Future and Nature of the Internet

    Subsidies for Web giants (and shareholders of such giants) will run out; what will happen to the Internet when this inevitably happens?



  17. IRC Proceedings: Friday, December 02, 2022

    IRC logs for Friday, December 02, 2022



  18. 10 Good Things That Happened in 2022

    In the technical domain, 2022 saw some positive developments, especially from the perspective of Freedom-centric and environmentalist folks



  19. Rumour: More Microsoft Layoffs (Big Layoffs) Next Month

    TheLayoff.com, a moderated forum for anonymous voices, has a new comment (less than a day old) about more Microsoft layoffs



  20. Engineers Are Too Expensive for Sirius 'Open Source'

    Sirius Open Source has become almost like a one-man operation, occasionally assisted by associates (external to the company, paid as contractors by the hour), and management that neglects basic duties while it lies to the staff in an effort to ‘pacify’ it



  21. A December Series About the Demise of Sirius 'Open Source'

    Sirius has not been functioning properly for years, but this year it got a lot worse and the story ought to be told; there are many aspects in it that may be applicable to other companies, including those that engage in openwashing for marketing purposes (opportunism)



  22. The Fall of Sirius Open Source: How a Leader and FSF Sponsor (for Multiple Years) Became an Abject Failure

    Statement on SIRIUS OPEN SOURCE LTD Compiled for Roy and Rianne Schestowitz, Sirius Staff Since 2011 and 2013, respectively



  23. Links 02/12/2022: Linux Mint 21.1 Beta Imminent and Linux (SUID-root) Has Bugs

    Links for the day



  24. [Meme] Job Ethics

    Ethical development jobs may not be easy to find; some ethical jobs can turn immoral after many years and then it’s time to leave (there’s no turnaround when HR gravitates towards immoral business and chronically relies on deceit)



  25. The Morality of Your Clients and Suppliers Should Matter (It No Longer Matters in Sirius 'Open Source')

    One very important (and perhaps lifelong) lesson learned in my last job is that clients and agenda can change rapidly as a result of rotation in management and a loss of moral compass; it's critical to check not only what employer one works for but who the upstream and downstream entities are (their nature can change for the worse when the employer becomes desperate and neglects ethics in pursuit of money)



  26. Links 02/12/2022: Fedora Gets Sway Spin; Samsung, LG, Mediatek Certificates Compromised

    Links for the day



  27. [Meme] Sirius Open Wash Ltd.

    Limited openness or pure openwashing; the company formerly known as SIRIUS CORPORATION LIMITED (03633198) and now known as SIRIUS OPEN SOURCE LTD (11014042) is not what it says on the tin



  28. Sirius Open Source is No Longer Open Source and It's Simply Unethical to Stay There

    The company where I've worked since my twenties is going under; now it's trying to find excuses to deny compensation to staff while failing to pay very basic bills and liabilities; there are many other issues that deserve the light of day



  29. Links 02/12/2022: GNU/Linux Growing Fast in Steam, Twitter Crumbling

    Links for the day



  30. IRC Proceedings: Thursday, December 01, 2022

    IRC logs for Thursday, December 01, 2022


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts