Bonum Certa Men Certa

Links 23/05/2022: Kdenlive 22.04.1 and New Alpine Linux Released



  • GNU/Linux

    • A quick update on a Linux migration

      Mentioned previously here[1], I took an image from one laptop (Macbook Air) and moved it to another (Thinkpad T440p).

      I wanted to note in this update, that I had a devilish time getting hiberate to work consistently. Sometimes it worked, other times it didn't. Shutdown and suspend were also impacted.

    • OpenSource.com7 pieces of Linux advice for beginners | Opensource.com

      My brother told me that Linux was like a "software erector set" (that's a dated reference to the old Erector sets that could be purchased in the 1950s and 1960s) which was a helpful metaphor. I was using Windows 3.1 and Windows NT at the time and was trying to build a useful and safe K-12 school district website. This was in 2001 and 2002 and there were very few texts or resources on the web that were helpful. One of the resources recommended was the "Root Users Guide," a very large book that had lots of printed information in it but was tough to decipher and know just how to proceed.

      One of the most useful resources for me was an online course that Mandrake Linux maintained. It was a step-by-step explanation of the nuances of using and administering a Linux computer or server. I used that along with a listserv that Red Hat maintained in those days, where you could pose questions and get answers.

    • Desktop/Laptop

      • Its FOSSSystem76 Collaborates with HP for a Powerful Linux Laptop for Developers
        System76 already makes Linux laptops. So, what is this all about?

        Well, this time, it will be a Linux laptop by HP, powered by Pop!_OS, i.e., the Ubuntu-based Linux distribution by System76.

        Carl Richell (System76’s Founder) made the announcement through his Twitter handle, with a link to the website that provides additional information on this.

      • LinuxiacHP’s Partnership with System76 Prepares New Linux-Based Laptop
        Almost all HP laptops are sold with Windows preinstalled; however, there are notable exceptions. We’re pleased to see a major computer manufacturer, HP, offer a Linux laptop.

        The yet-to-be-launched laptop will be a collaboration between HP and System76, a Denver-based American computer manufacturer.

        And, quite logically, the laptop will run Pop!_OS, an Ubuntu-based Linux desktop distro developed by System76. Pop!_OS uses GNOME as the desktop environment, and System76’s in-house made Pop!_OS COSMIC desktop.

    • Server

      • OpenSource.comA hands-on guide to images and containers for developers | Opensource.com

        Containers and Open Container Initiative (OCI) images are important open source application packaging and delivery technologies made popular by projects like Docker and Kubernetes. The better you understand them, the more able you will be to use them to enhance the consistency and scalability of your projects.

        In this article, I will describe this technology in simple terms, highlight the essential aspects of images and containers for a developer to understand, then wrap up by discussing some best practices developers can follow to make their containers portable. I will also walk you through a simple lab that demonstrates building and running images and containers.

    • Audiocasts/Shows

    • Kernel Space

      • 9to5LinuxYou Can Now Install Linux Kernel 5.18 on Ubuntu and Ubuntu-Based Distributions

        Linux kernel 5.18 brings lots of goodies for GNU/Linux users, including support for new features in AMD and Intel CPUs, improved support for NVMe devices, new and improved security features to protect you against the latest threats, as well as new and updated drivers for top-notch hardware support.

        Ubuntu is one of those distributions that do not receive a newer kernel version when a new stable branch is available. Interim Ubuntu releases stick to the kernel version that they shipped with, so users might want to upgrade the kernel to newer releases.

      • GNUGNU Linux-libre 5.18-gnu

        GNU Linux-libre 5.18-gnu cleaning-up scripts, cleaned-up sources, and cleaning-up logs (including tarball signatures) are now available from our git-based release archive git://linux-libre.fsfla.org/releases.git/ tags {scripts,sources,logs}/v5.18-gnu.

        Compressed tarballs and incremental patches are also available at <https://www.fsfla.org/selibre/linux-libre/download/releases/5.18-gnu/>.

        The cleanup scripts are unchanged since the updates for rc6. Jason Self drew a new image for his beautiful Freedo-and-GNU-themed artwork collection for this release, check it out at https://linux-libre.fsfla.org/#news or the whole collection at https://jxself.org/git/?p=freedo.git;a=tree

        While adding Jason's image, I noticed earlier images were a little messed up in our https://linux-libre.fsfla.org/#artwork section, so I fixed them up, and turned the displayed bitmap images into links to their corresponding sources in vector graphics.

        Freesh and RPMFreedom, the distributions of .deb and .rpm packages of GNU Linux-libre maintained by Jason Self, are expected to have binaries of 5.18-gnu available shortly. Thanks, Jason!

        This was a busy release, with 7 new drivers requiring cleanups to avoid inducing users to install the blobs they require: MIPI DBI panels, Amphion VPU, MediaTek MT7986 WMAC, Mediatek 7921U (USB) and Realtek 8852a and 8852c WiFi, Intel AVS, and Texas Instruments TAS5805M speaker amplifier. A bunch DTS files were added for new Qualcomm AArch64 SoCs, and had the blob names in them cleaned up for the same reason.

        Other preexisting drivers also required updates because of new mentions of blobs: AMD GPUs, MediaTek MT7915 and Silicon Labs WF200+ WiFi, Mellanox Spectrum wired ethernet, Realtek rtw8852c, Qualcomm Q6V5 and Wolfson ADSP, MediaTek HCI UART.

        Finally, lots of drivers were moved within the source tree, and the script that drives the cleaning up had to be updated to reflect those changes to media drivers, MHI bus and AMD GPU.

        For up-to-the-minute news, join us on IRC (#gnu-linux-libre on libera.chat). I often mention our releases on P2P or federated social media as well. The link in my email signature has directions.

        Be Free! with GNU Linux-libre.

      • 9to5LinuxGNU Linux-Libre 5.18 Kernel Is Here for Those Who Seek 100% Freedom for Their PCs

         Based on the upstream Linux 5.18 kernel series, the GNU Linux-libre 5.18 kernel is here to clean up seven new drivers, including Amphion VPU, MIPI DBI panels, Intel AVS, MediaTek MT7986 WMAC, MediaTek 7921U (USB) Wi-Fi, Realtek 8852a and 8852c Wi-Fi, as well as Texas Instruments TAS5805M speaker amplifier.

        In addition, the GNU Linux-libre 5.18 kernel adds several DTS files for new Qualcomm AArch64 SoCs and cleans up the blob names in them, and updates existing drivers that received changes upstream and now require deblobbing.

      • Ubuntu HandbookLinux Kernel 5.18 Released! How to Install it in Ubuntu 22.04 | UbuntuHandbook

        Linux Kernel 5.18 was released on this Sunday. Ubuntu 22.04 user can install this new kernel via the mainline PPA repository.

      • ZDNetLinux kernel 5.18 arrives: Here's what's new | ZDNet

        Linux creator Linux Torvalds has announced the stable Linux kernel version 5.8 release after making it through the final week of development with "no unexpected nasty surprises".

        As usual, Torvalds announced the latest stable release of the Linux kernel on Sunday evening. It was on time and about two months after the stable 5.17 release, thus opening the merge window for Linux 5.19.

        Torvalds had little exciting to say about Linux 5.18 but still encouraged developers to run it.

        "I'd still like people to run boring old plain 5.18 just to check, before we start with the excitement of all the new features for the merge window," wrote Torvalds.

        Still there were "random driver updates" as well as "some other minor architecture fixes, some core networking, and some tooling stuff."

      • Linux Kernel 5.18 Has Been Released — What’s New? | iTech Post

        On Sunday, May 22, Linus Torvalds launched Linux kernel 5.18. According to The Register, Torvalds, who is the principal force behind the development of the Linux operating system, said the release was typical of those he made for each of the eight release candidates: no bad surprises this time, no significant or difficult additions, and no bugs hampered the development process.

        Before getting enthusiastic about the upcoming release 5.19, Torvalds advised developers to "run boring old plain 5.18."

      • Microconferences at Linux Plumbers Conference: Kernel Testing & Dependability

        Linux Plumbers Conference 2022 is pleased to host the Kernel Testing & Dependability Microconference

        The Kernel Testing & Dependability Microconference focuses on advancing the state of testing of the Linux kernel and testing on Linux in general. The main purpose is to improve software quality and dependability for applications that require predictability and trust. The microconference aims to create connections between folks working on similar projects, and help individual projects make progress

        This microconference is a merge of Testing and Fuzzing and the Kernel Dependability and Assurance microconferences into a single session. There was a lot of overlap in topics and attendees of these MCs and and combining the two tracks will promote collaboration between all the interested communities and people.

    • Graphics Stack

      • Iago Toral: Vulkan 1.2 getting closer

        Lately I have been exposing a bit more functionality in V3DV and was wondering how far we are from Vulkan 1.2. Turns out that a lot of the new Vulkan 1.2 features are actually optional and what we have right now (missing a few trivial patches to expose a few things) seems to be sufficient for a minimal implementation.

        We actually did a test run with CTS enabling Vulkan 1.2 to verify this and it went surprisingly well, with just a few test failures that I am currently looking into, so I think we should be able to submit conformance soon.

    • Applications

      • Linux LinksBest Free and Open Source Alternatives to Corel MotionStudio 3D

        This series looks at the best free and open source alternatives to products offered by Corel.

        Corel MotionStudio 3D is a 3D titling, motion graphics and effects-in one complete package. It’s proprietary software and not available for Linux.

        What are the best free and open source alternatives?

      • HackadayLotus 123 For Linux Is Like A Digital Treasure Hunt | Hackaday

        Ever hear of Lotus 123? It is an old spreadsheet program that dominated the early PC market, taking the crown from incumbent Visicalc. [Tavis Ormandy] has managed to get the old software running natively under Linux — quite a feat for software that is around 40 years old and was meant for a different operating system. You can see the results in glorious green text on a black screen in the video below.

        If you are a recent convert to Linux, you might not remember what a pain it was “in the old days” to install software. But in this case, it is even worse since the software isn’t even for Linux. The whole adventure started with [Tavis] wanting to find the API kit used to add plugins to Lotus. In theory, you could use it to add modern features to the venerable spreadsheet program.

      • Make Use OfThe 8 Best Linux Apps for Photographers

        Capture and create beautiful photographs on Linux using these eight apps specially developed for photographers.

        For photographers, Linux provides some of the most advanced and comprehensive image manipulation applications. Best of all, virtually all of them are free and open-source software. That means that no matter what you decide to do with them, it won’t cost you a dime. You can download some just to check them out or incorporate them into your regular workflow. It’s up to you.

      • PostgreSQLPgpool-II 4.3.2, 4.2.9, 4.1.12, 4.0.19 and 3.7.24 released.
      • PostgreSQLpgmetrics 1.13 released

        We're happy to announce the release of v1.13 of pgmetrics.

      • LWNSystemd 251 released

        Systemd 251 is out. The list of changes includes an increase of the minimum kernel version to 4.15, use of C11 to build the program, increased use of filesystem ID mapping, and many other things; see the announcement for all the details.

    • Instructionals/Technical

      • How To Install Linux Kernel 5.18 On Ubuntu / Linux Mint | Tips On UNIX

        Linus Torvalds today announced the Linux kernel 5.18 and it comes with new features and improvements in hardware support.

      • How to Install Akaunting on Ubuntu 20.04 - RoseHosting

        Akaunting is web-based, free, and open-source accounting software designed to help small businesses. It helps small businesses and freelancers manage and streamline payment, invoicing, and other operations. With its client portal features, administrators are able to share financial information like transactional and invoicing information with the clients. The application also offers complete tools to manage your finances.

      • ID RootHow To Install Caddy on Ubuntu 22.04 LTS - idroot

        In this tutorial, we will show you how to install Caddy on Ubuntu 22.04 LTS. For those of you who didn’t know, Caddy is a powerful open-source web server written in Go. It has great security features with automatic HTTPS and fast than other web servers utilizing the power of CPUs.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Caddy web server on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • MakeTech EasierHow to Manage Git in Emacs with Magit - Make Tech Easier

        Git is a brilliant tool. It simplifies the version control process and it allows users to easily share and contribute code to each other. Git is also system and content agnostic. This means that it can run on any platform, which makes it a highly useful and sought after tool for programmers and casual users alike.

        One issue with Git, however, is that it requires you to use a command-line utility to fully use its functions. This means that in order to use Git you need to learn a number of commands specific to it. However, if you are using Emacs there can be a better way.

        Magit is a powerful front-end for Git in Emacs. It allows you to easily and seamlessly use Git in Emacs to create, manipulate and save Git repositories through simple Emacs keybindings. Not only that, Magit also automatically adapts existing Git repositories through its interface. This means that you can install Magit right now and immediately use it to manage version control.

      • How to Show Line Numbers in Vi - buildVirtual

        When making changes to scripts or text files from the Linux command line I tend to use Vi / Vim as my go to editor as it tends to be available on any Linux system I work on.

        If you’re used to writing scripts using a tool such as vscode, you will be used to seeing line numbers in the editor. Line numbers are particularly useful when writing scripts as a way to help navigate your code making it easier to debug scripts as well as work collaboratively. When first using vi or vim, they are a notable absence, as by default they are not shown. Luckily it’s easy to turn line numbering on.

      • PHP MySQL ORDER BY Clause - OSTechNix

        This guide describes how to select data from a MySQL database table and sort the data by a specific column in ascending or descending order with ORDER by clause using PHP in XAMPP stack.

      • Linux Shell TipsHow to Change the Owner of Directory in Linux

        Under a Linux file system, we have files, folders, and directories. A folder only contains files and a directory contains both folders and files. Each of these files, folders, and directories are associated with an owner, a group, and permission access rights.

        This article guide will walk us through determining and changing the ownership of a directory on a Linux system.

      • Linux Shell TipsHow to View PDF File in Linux Command Line

        Please note that this article seeks to explore viable ways of viewing (not opening) a PDF file from the Linux command-line environment. The creation of the PDF or Portable Document Format file type was inspired to solve/lessen the hurdles that made document sharing between operating systems and computers difficult.

      • CitizixHow to use Terraform to create a vpc network and a Cloud SQL in GCP

        In this guide, we will build a Cloud SQL instance in Google cloud platform using terraform. Terraform allows you to develop cloud infrastructure by automating repetitive tasks.

        Creating a Cloud SQL cluster in the console can be tiring, especially if you have to create multiple instances with different parameters such as node types, node sizes etc. Terraform was created to solve that problem. It allows you to have the instructions as code that can be used to plan, deploy, modify, and destroy the clusters programmatically.

      • Linux Shell TipsHow to Convert Hex to ASCII Characters in Linux

        A hexadecimal numbering system is ideal for large digital systems as it can hold/represent long binary values. This system is referred to as base-16 because a combined total of 16 (digital and alphabetic) symbols from 0 to F are used to represent it.

        In comparison to other numbering systems like decimal, hexadecimal provides a closer visual mapping making it easier to read ad interpret.

        ASCII or American Standard Code for Information Interchange makes electronic communication possible through its character encoding standard. Therefore, this standard takes credit for text representation in devices like computers and telecommunication equipment.

      • Linux Shell TipsHow to Install Python Programming in Alpine Linux

        An increasing number of Linux users are moving towards Python programming language as the go-to development language for mobile, desktop, and web-based applications. Python is also gaining roots in data science as an effective and powerful tool for complex datasets’ manipulation, analysis, and visualization.

      • CitizixHow to use Terraform to create a Redis instance in GCP

        In this guide, we will build a Redis instance in Google cloud platform using terraform. Terraform allows you to develop cloud infrastructure by automating repetitive tasks.

        Creating a Redis cluster in the console can be tiring, especially if you have to create multiple instances with different parameters such as node types, node sizes etc. Terraform was created to solve that problem. It allows you to have the instructions as code that can be used to plan, deploy, modify, and destroy the clusters programmatically.

      • TecAdminHow To Install LibreOffice on Ubuntu 22.04

        LibreOffice is a free and open-source office suite with a clean interface. It provides most of the tools required for an Office suite like Writer (word processing), Calc (spreadsheets), Impress (presentations), Draw (vector graphics and flowcharts), Base (databases), and Math (formula editing), etc.

        We can directly download the LibreOffice Debian packages from its official download page or use the Apt repository for the installation.

        This tutorial will help you to install LibreOffice on Ubuntu 22.04 Desktop system.

      • nixCraftHow To Save A File In Vim / Vi Without Root Permission With sudo

        {Updated} Forgot to edit Linux or Unix/macOS file as sudo user? Want to overwrite without quitting vim on Linux/Unix? Try vim cmd trick and save time.The post How To Save A File In Vim / Vi Without Root Permission With sudo appeared first on nixCraft.

      • ByteXDBash Check File If Exists - ByteXD

        When working with files in bash, it is essential to know whether the particular file or directory exists. Based on the availability of the files and directories, you can perform further operations and tasks. This tutorial will introduce, explain, and demonstrate how to check if a file or directory exists in the specified location. Let’s explore them.

      • Red HatHow to install command-line tools on a Mac | Red Hat Developer [Ed: This is what Red Hat is publishing...]

        You can install command line tools like those from Linux on macOS but that requires a change to security settings. Learn more.

      • How to install PostgreSQL 14 on Ubuntu 20.04 from the source - NextGenTips

        In this article, we are going to learn how to install and get PostgreSQL 14 up and running on an Ubuntu 20.04 server. PostgreSQL is a powerful, open-source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.

      • nixCraftHow to change hostname on Amazon Linux 2 without reboot

        Do you want to set or update the AWS EC2 or Lightsail hostname without a reboot when using Amazon Linux 2? Here is how to set or change the hostname on Amazon Linux 2 distribution using the ssh client.

    • Games

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Kdenlive 22.04.1 released

          The first maintenance release of the 22.04 series is out with two out-of-the-box effect templates: Secondary Color Correction and Shut-off as well as a new Box Blur filter. This version fixes incorrect levels displayed in the audio mixer, timeline preview rendering, thumbnail caching and text alignment in the Titler. There is also a reverse option in same track transitions.

        • Kraft Version 0.98

          We are happy to announce the new Kraft version 0.98 that is available for download.

          Kraft is software for the Linux desktop to handle quotes and invoices in the small business.

          This is a version packed with bugfixes and also new features. The most important fixes were in the area of the catalog handling: Based on bug reports from the community the catalog window was completely reworked. Drag and drop of items in the catalog, the sorting and reordering of items are now working properly and as planned.

        • KDE Consistency: Interview With Goal Champion! - Kockatoo Tube
        • KDE Goals Retrospective: Consistency

          As part of the preparation for the new round of KDE Goals (as described last week), I’ll be interviewing our Goal Champions.

          The purpose is to learn what went good, what could’ve gone better and share wisdom to all that are thinking about becoming a new Champion.

      • GNOME Desktop/GTK

        • OMG UbuntuProductive Summer Planned for Pitivi Video Editor - OMG! Ubuntu!

          Any list of Linux video editors would be incomplete if it didn’t include Pitivi.

          I have a real soft spot for this oft-overlooked GTK & GStreamer based non-linear video editor. It’s inherently stable, has a clean, ordered UI, and diligently focuses on ensuring the ‘basics’ of video editing (cutting, arranging, simple effects, simple transitions, etc) are catered for.

          As it’s GTK-based means Pitivi looks right at home on GNOME-based desktops. But soon it will look even nicer as a GTK4 port of Pitivi is getting underway as part of this year’s Google Summer of Code.

          Under the guidance of GNOME Foundation mentors, developer Aryan Kaushik is going to tackle the not-so-trivial task of updating Pitivi’s UI to GTK4. This effort could improve the application’s performance as well as its overall integration with more recent versions of the GNOME desktop that use the libadwaita stack.

        • GNOME will be mentoring 9 new contributors in Google Summer of Code 2022! – Felipe Borges

          We are happy to announce that GNOME was assigned nine slots for Google Summer of Code projects this year!

          GSoC is a program focused on bringing new contributors into open source software development. A number of long term GNOME developers are former GSoC interns, making the program a very valuable entry point for new members in our project.

        • How your organisation’s travel policy can impact the environment | Philip Withnall

          Following on from updating our equipment policy, we’ve recently also updated our travel policy at the Endless OS Foundation. A major part of this update was to introduce consideration of carbon emissions into the decision making for when and how to travel. I’d like to share what we came up with, as it should be broadly applicable to many other technology organisations, and I’m quite excited that people across the foundation worked to make these changes happen.

  • Distributions and Operating Systems

    • Barry KaulerA rethink of EasyOS architecture

      As I posted a couple of days ago, taking some time-out from getting the bugs out of Easy Bookworm, to think about some fundamental issues and how they might be fixed.

      A big concern is running Easy on a cheap flash drive that does not have wear-leveling. The problem becomes more severe if the working-partition is ext4 with a journal, as the journal writes a lot to the drive.

      Another problem, that has also plagued the pups, is that if the working-partition does not have a journal, the filesystem is marked as "not clean" at shutdown.

      The latter problem is caused by the aufs layered filesystem being at "/", so we are unable to unmount it at shutdown. Nor are we able to remount the working-partition as read-only, as it is busy.

    • Barry KaulerThinking about a new logo for EasyOS

      The box-in-a-box does suggest containers, so is meaningful. Looking at it though, it does seem uninteresting.

  • Free, Libre, and Open Source Software

    • Web Browsers

      • Mozilla

        • ThunderbirdThunderbird By The Numbers: Our 2021 Financial Report

          Transparency and open source go hand-in-hand. But just because Thunderbird’s development work, roadmap, and financials are public, doesn’t always mean they’re well publicized.

          That’s where my role as Marketing Manager comes into focus. To shine a spotlight on the numbers, the features, the facts, and the future. I want to keep you informed without you needing to hunt down every scrap of information!

          With that in mind, let’s talk about money. Specifically, Thunderbird’s income for 2021, and how it positively affects our team, our product, and our roadmap.

    • Programming/Development

  • Leftovers

    • 2022 Week 19/20: Thoughts and Photos

      I am not fluent in any language other than English (and by my proclivity for spelling errors, that may come as a surprise!), and I don't have any natural talent for learning other languages.

    • My new project: Jeuxterm (online games in terminal)



      I love text-based things, and I love games, and I love creating stuff. So, I guess, coming up with this project makes a lot of sense.

    • The Secret Farmer's Market

      Obviously this isn't a big deal, it's just a minor example of a couple pet peeves: 1) being on the technological fringe (e.g. not on Facebook or Instagram) means you're excluded from things that only exist in the walled garden, and 2) organisations are generally bad at keeping their information up-to-date online.

    • Science

    • Proprietary

      • GhacksHere is why Microsoft continues to add unpopular features to Windows

        Microsoft plans to release two feature updates for its Windows operating systems later this year. Work on future feature updates continues unhindered as well, and the first builds of the 2023 feature update version are already available.

        [...]

        Web addresses may be entered directly to open sites, but any other input is redirected to Microsoft's Bing search engine. All requests are opened in Microsoft's Edge web browser when the search widget is used.

      • Computer WeeklyMicrosoft drops emergency patch after Patch Tuesday screw up

        Microsoft has issued an out-of-band patch fixing an issue that caused server or client authentication failures on domain controllers after installing the 10 May 2022 Patch Tuesday updates.

        The Patch Tuesday issue was identified by users shortly after the monthly update was issued, and affected services including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP) and Protected Extensible Authentication Protocol (PEAP).

    • Security

      • Password policy guidance | Pen Test Partners

        Passwords are securely stored by using a one-way hashing algorithm to generate a representation of the original password. Authentication mechanisms then compare the hash of an entered password with the stored hash value to determine if the password is correct. Because these hashing algorithms are not reversible, the only way to crack a password is to guess passwords and see if there is a hash match. It is therefore important to make the password resistant to cracking so that if a hashed password is compromised, either by gaining access to the database or capturing it from the network, the original password cannot be retrieved and used by an attacker. The way to do that is by using strong passwords.

      • Dvuln Labs

        This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.

        A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

        The problem here is that an attacker who has access to the encrypted licence data (whether that be through accessing a phone backup, direct access to the device or remote compromise) could easily brute-force this 4-digit PIN by using a script that would try all 10,000 combinations….

        […]

        The second design flaw that is favourable for attackers is that the Digital Driver Licence data is never validated against the back-end authority which is the Service NSW API/database.

        This means that the application has no native method to validate the Digital Driver Licence data that exists on the phone and thus cannot perform further actions such as warn users when this data has been modified.

        As the Digital Licence is stored on the client’s device, validation should take place to ensure the local copy of the data actually matches the Digital Driver’s Licence data that was originally downloaded from the Service NSW API.

        As this verification does not take place, an attacker is able to display the edited data on the Service NSW application without any preventative factors.

      • LWNSecurity updates for Monday

        Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10).

      • CISAMozilla Releases Security Products for Multiple Firefox Products | CISA

        Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.  

      • MozillaUpgrading Mozilla’s Root Store Policy to Version 2.8 - Mozilla Security Blog

        In accordance with the Mozilla Manifesto, which emphasizes the open development of policy that protects users’ privacy and security, we have worked with the Mozilla community over the past several months to improve the Mozilla Root Store Policy (MRSP) so that we can now announce version 2.8, effective June 1, 2022. These policy changes aim to improve the transparency of Certificate Authority (CA) operations and the certificates that they issue.

      • We need to talk about sex toys and cyber security | Pen Test Partners

        We’ve written about the appalling security of smart sex toys over the years. Finally, an invite came to give a talk on the subject to a TEDx audience.

        I debated whether to give the talk with colleagues, as we’ve never wanted to be pigeon-holed in this space! But we felt that public awareness of the lax security was one of the ways to encourage the toy manufacturers to improve.

        Issues such as precise position leakage of LGBT+ people in countries where they were persecuted by authorities were simply too concerning.

      • Privacy/Surveillance

        • Second time’s not the charm: Health Data Management Policy misses the mark again

          IFF wrote to the National Health Authority (NHA) as part of the consultation conducted for the Ayushman Bharat Digital Mission’s Draft Health Data Management Policy (“Draft policy"). Through our inputs, we have tried to highlight the existence of a weak legal foundation and inadequate preparatory groundwork; excessive delegation; a constricted digital consent, confidentiality and privacy framework; over-reliance on an Aadhaar-based authentication system; and, vague systems for anonymisation and de-identification, as well as the complete absence of strict access control requirements for personal health data.

        • AccessNowAs the WEF meets, pressure is on the world’s powerbrokers to shut down the spyware industry - Access Now

          In 2022, there is no business case for spyware technology. Its abuse is tainting the entire tech sector. If the industry’s big players do not step up and take a bold stand on surveillance now, it’s not only the human rights of millions of people at risk, it’s their own futures.

          The finance world’s powerbrokers are meeting at the World Economic Forum in Davos this week, and they must seize this opportunity to shut down an unchecked industry that’s bad for their reputations, and disastrous for human rights. We need a moratorium limiting the sale, transfer, and use of these cyber weapons until people’s rights are safeguarded under international human rights law backed by Davos leaders.

          The surveillance tech industry has long facilitated gross violations of human rights in darkness — no accountability, no checks and balances. But in recent years, as civil society systematically shone a light on the sector’s harmful impact, companies are facing a colossal blowback. With each new revelation of invasive, warrantless spying — on everyone from journalists and activists, to public health advocates, to heads of state — the surveillance industry’s malpractice is thrust into the public realm. This may be just the start of the industry’s end.

          [...]

          These actions follow calls by U.N. human rights experts — echoed by Costa Rica — for a global moratorium on the sale, transfer, and use of private surveillance technologies until human rights-compliant laws and regulatory frameworks are in place.

          Not even the tech industry wants surveillance tech in its ranks, and companies that are impacted by spyware are reacting. WhatsApp and Apple are suing NSO Group in separate cases, Amazon shut down infrastructure and accounts linked to NSO Group, and Meta removed seven “surveillance-for-hire” operations that targeted over 50,000 Facebook users. Google spoke up, dropping a meticulous report on a recent NSO Group attack.

    • Finance

      • Capital One rules in my favor against Batteries Plus Bulbs, but I’m not even sure if I’ve won. – BaronHK's Rants

        Capital One rules in my favor against Batteries Plus Bulbs, but I’m not even sure if I’ve won.

        This dispute has been going on since April 15th. Today I got another letter from Capital One that my amended argument has been accepted against Batteries Plus Bulbs, in which I argued that since I had to have my Buick remote reprogrammed and a new key cut at Anthony Buick GMC in Gurnee, Illinois, and that since Bhushan Chouhan, the store owner, refunded me for the mechanical key, I was still owed $69.99 for a programming job that he didn’t provide, but that I agreed to drop the rest of the dispute.

    • AstroTurf/Lobbying/Politics

      • MakeTech EasierNew Facebook Algorithm Shows Spam in Top 20 Links

        Meta tried to put a positive spin on its latest news about Facebook, but it’s still alarming. The “widely-viewed content report” was shared with a new way of calculating which links belong in the top positions, but it really shows that much of its most-read content on Facebook is spam.

    • Internet Policy/Net Neutrality

      • Gemipedia Improvements

        I'm really pleased with Gemipedia, both in people's response to it, and also just how much I'm personally using it. I've basically stopped using the dedicated Wikipedia app on my phone, and use it exclusive on my Kindle. Since launching it about 2 weeks ago, I've been hard at working improving it.

      • My hobby alternative to Gemini, HTTP and Gopher: HFNP (Hafnium Paging Protocol)
      • Ulrike Uhlig: How do kids conceive the internet? - part 3

        I received some feedback on the first part of interviews about the internet with children that I’d like to share publicly here. Thank you! Your thoughts and experiences are important to me!

        [...]

        Thanks :) I’m happy and touched that these interviews prompted your wonderful reactions, and I hope that there’ll be more to come on this topic. I’m working on it!



Recent Techrights' Posts

Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024