Mentioned previously here[1], I took an image from one laptop (Macbook Air) and moved it to another (Thinkpad T440p).
I wanted to note in this update, that I had a devilish time getting hiberate to work consistently. Sometimes it worked, other times it didn't. Shutdown and suspend were also impacted.
My brother told me that Linux was like a "software erector set" (that's a dated reference to the old Erector sets that could be purchased in the 1950s and 1960s) which was a helpful metaphor. I was using Windows 3.1 and Windows NT at the time and was trying to build a useful and safe K-12 school district website. This was in 2001 and 2002 and there were very few texts or resources on the web that were helpful. One of the resources recommended was the "Root Users Guide," a very large book that had lots of printed information in it but was tough to decipher and know just how to proceed.
One of the most useful resources for me was an online course that Mandrake Linux maintained. It was a step-by-step explanation of the nuances of using and administering a Linux computer or server. I used that along with a listserv that Red Hat maintained in those days, where you could pose questions and get answers.
System76 already makes Linux laptops. So, what is this all about?
Well, this time, it will be a Linux laptop by HP, powered by Pop!_OS, i.e., the Ubuntu-based Linux distribution by System76.
Carl Richell (System76’s Founder) made the announcement through his Twitter handle, with a link to the website that provides additional information on this.
Almost all HP laptops are sold with Windows preinstalled; however, there are notable exceptions. We’re pleased to see a major computer manufacturer, HP, offer a Linux laptop.
The yet-to-be-launched laptop will be a collaboration between HP and System76, a Denver-based American computer manufacturer.
And, quite logically, the laptop will run Pop!_OS, an Ubuntu-based Linux desktop distro developed by System76. Pop!_OS uses GNOME as the desktop environment, and System76’s in-house made Pop!_OS COSMIC desktop.
Containers and Open Container Initiative (OCI) images are important open source application packaging and delivery technologies made popular by projects like Docker and Kubernetes. The better you understand them, the more able you will be to use them to enhance the consistency and scalability of your projects.
In this article, I will describe this technology in simple terms, highlight the essential aspects of images and containers for a developer to understand, then wrap up by discussing some best practices developers can follow to make their containers portable. I will also walk you through a simple lab that demonstrates building and running images and containers.
In this video, I am going to show an overview of Kali Linux KDE 2022.2 and some of the applications pre-installed.
**katomic,** **kauth,** **kbackup,** **kblackbox,** **kblocks,** **kbookmarks,** **kbounce,** **kbreakout** from the **kde** software series of Slackware.
Linux kernel 5.18 brings lots of goodies for GNU/Linux users, including support for new features in AMD and Intel CPUs, improved support for NVMe devices, new and improved security features to protect you against the latest threats, as well as new and updated drivers for top-notch hardware support.
Ubuntu is one of those distributions that do not receive a newer kernel version when a new stable branch is available. Interim Ubuntu releases stick to the kernel version that they shipped with, so users might want to upgrade the kernel to newer releases.
GNU Linux-libre 5.18-gnu cleaning-up scripts, cleaned-up sources, and cleaning-up logs (including tarball signatures) are now available from our git-based release archive git://linux-libre.fsfla.org/releases.git/ tags {scripts,sources,logs}/v5.18-gnu.
Compressed tarballs and incremental patches are also available at <https://www.fsfla.org/selibre/linux-libre/download/releases/5.18-gnu/>.
The cleanup scripts are unchanged since the updates for rc6. Jason Self drew a new image for his beautiful Freedo-and-GNU-themed artwork collection for this release, check it out at https://linux-libre.fsfla.org/#news or the whole collection at https://jxself.org/git/?p=freedo.git;a=tree
While adding Jason's image, I noticed earlier images were a little messed up in our https://linux-libre.fsfla.org/#artwork section, so I fixed them up, and turned the displayed bitmap images into links to their corresponding sources in vector graphics.
Freesh and RPMFreedom, the distributions of .deb and .rpm packages of GNU Linux-libre maintained by Jason Self, are expected to have binaries of 5.18-gnu available shortly. Thanks, Jason!
This was a busy release, with 7 new drivers requiring cleanups to avoid inducing users to install the blobs they require: MIPI DBI panels, Amphion VPU, MediaTek MT7986 WMAC, Mediatek 7921U (USB) and Realtek 8852a and 8852c WiFi, Intel AVS, and Texas Instruments TAS5805M speaker amplifier. A bunch DTS files were added for new Qualcomm AArch64 SoCs, and had the blob names in them cleaned up for the same reason.
Other preexisting drivers also required updates because of new mentions of blobs: AMD GPUs, MediaTek MT7915 and Silicon Labs WF200+ WiFi, Mellanox Spectrum wired ethernet, Realtek rtw8852c, Qualcomm Q6V5 and Wolfson ADSP, MediaTek HCI UART.
Finally, lots of drivers were moved within the source tree, and the script that drives the cleaning up had to be updated to reflect those changes to media drivers, MHI bus and AMD GPU.
For up-to-the-minute news, join us on IRC (#gnu-linux-libre on libera.chat). I often mention our releases on P2P or federated social media as well. The link in my email signature has directions.
Be Free! with GNU Linux-libre.
 Based on the upstream Linux 5.18 kernel series, the GNU Linux-libre 5.18 kernel is here to clean up seven new drivers, including Amphion VPU, MIPI DBI panels, Intel AVS, MediaTek MT7986 WMAC, MediaTek 7921U (USB) Wi-Fi, Realtek 8852a and 8852c Wi-Fi, as well as Texas Instruments TAS5805M speaker amplifier.
In addition, the GNU Linux-libre 5.18 kernel adds several DTS files for new Qualcomm AArch64 SoCs and cleans up the blob names in them, and updates existing drivers that received changes upstream and now require deblobbing.
Linux Kernel 5.18 was released on this Sunday. Ubuntu 22.04 user can install this new kernel via the mainline PPA repository.
Linux creator Linux Torvalds has announced the stable Linux kernel version 5.8 release after making it through the final week of development with "no unexpected nasty surprises".
As usual, Torvalds announced the latest stable release of the Linux kernel on Sunday evening. It was on time and about two months after the stable 5.17 release, thus opening the merge window for Linux 5.19.
Torvalds had little exciting to say about Linux 5.18 but still encouraged developers to run it.
"I'd still like people to run boring old plain 5.18 just to check, before we start with the excitement of all the new features for the merge window," wrote Torvalds.
Still there were "random driver updates" as well as "some other minor architecture fixes, some core networking, and some tooling stuff."
On Sunday, May 22, Linus Torvalds launched Linux kernel 5.18. According to The Register, Torvalds, who is the principal force behind the development of the Linux operating system, said the release was typical of those he made for each of the eight release candidates: no bad surprises this time, no significant or difficult additions, and no bugs hampered the development process.
Before getting enthusiastic about the upcoming release 5.19, Torvalds advised developers to "run boring old plain 5.18."
Linux Plumbers Conference 2022 is pleased to host the Kernel Testing & Dependability Microconference
The Kernel Testing & Dependability Microconference focuses on advancing the state of testing of the Linux kernel and testing on Linux in general. The main purpose is to improve software quality and dependability for applications that require predictability and trust. The microconference aims to create connections between folks working on similar projects, and help individual projects make progress
This microconference is a merge of Testing and Fuzzing and the Kernel Dependability and Assurance microconferences into a single session. There was a lot of overlap in topics and attendees of these MCs and and combining the two tracks will promote collaboration between all the interested communities and people.
Lately I have been exposing a bit more functionality in V3DV and was wondering how far we are from Vulkan 1.2. Turns out that a lot of the new Vulkan 1.2 features are actually optional and what we have right now (missing a few trivial patches to expose a few things) seems to be sufficient for a minimal implementation.
We actually did a test run with CTS enabling Vulkan 1.2 to verify this and it went surprisingly well, with just a few test failures that I am currently looking into, so I think we should be able to submit conformance soon.
This series looks at the best free and open source alternatives to products offered by Corel.
Corel MotionStudio 3D is a 3D titling, motion graphics and effects-in one complete package. It’s proprietary software and not available for Linux.
What are the best free and open source alternatives?
Ever hear of Lotus 123? It is an old spreadsheet program that dominated the early PC market, taking the crown from incumbent Visicalc. [Tavis Ormandy] has managed to get the old software running natively under Linux — quite a feat for software that is around 40 years old and was meant for a different operating system. You can see the results in glorious green text on a black screen in the video below.
If you are a recent convert to Linux, you might not remember what a pain it was “in the old days” to install software. But in this case, it is even worse since the software isn’t even for Linux. The whole adventure started with [Tavis] wanting to find the API kit used to add plugins to Lotus. In theory, you could use it to add modern features to the venerable spreadsheet program.
Capture and create beautiful photographs on Linux using these eight apps specially developed for photographers.
For photographers, Linux provides some of the most advanced and comprehensive image manipulation applications. Best of all, virtually all of them are free and open-source software. That means that no matter what you decide to do with them, it won’t cost you a dime. You can download some just to check them out or incorporate them into your regular workflow. It’s up to you.
We're happy to announce the release of v1.13 of pgmetrics.
Systemd 251 is out. The list of changes includes an increase of the minimum kernel version to 4.15, use of C11 to build the program, increased use of filesystem ID mapping, and many other things; see the announcement for all the details.
Linus Torvalds today announced the Linux kernel 5.18 and it comes with new features and improvements in hardware support.
Akaunting is web-based, free, and open-source accounting software designed to help small businesses. It helps small businesses and freelancers manage and streamline payment, invoicing, and other operations. With its client portal features, administrators are able to share financial information like transactional and invoicing information with the clients. The application also offers complete tools to manage your finances.
In this tutorial, we will show you how to install Caddy on Ubuntu 22.04 LTS. For those of you who didn’t know, Caddy is a powerful open-source web server written in Go. It has great security features with automatic HTTPS and fast than other web servers utilizing the power of CPUs.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Caddy web server on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Git is a brilliant tool. It simplifies the version control process and it allows users to easily share and contribute code to each other. Git is also system and content agnostic. This means that it can run on any platform, which makes it a highly useful and sought after tool for programmers and casual users alike.
One issue with Git, however, is that it requires you to use a command-line utility to fully use its functions. This means that in order to use Git you need to learn a number of commands specific to it. However, if you are using Emacs there can be a better way.
Magit is a powerful front-end for Git in Emacs. It allows you to easily and seamlessly use Git in Emacs to create, manipulate and save Git repositories through simple Emacs keybindings. Not only that, Magit also automatically adapts existing Git repositories through its interface. This means that you can install Magit right now and immediately use it to manage version control.
When making changes to scripts or text files from the Linux command line I tend to use Vi / Vim as my go to editor as it tends to be available on any Linux system I work on.
If you’re used to writing scripts using a tool such as vscode, you will be used to seeing line numbers in the editor. Line numbers are particularly useful when writing scripts as a way to help navigate your code making it easier to debug scripts as well as work collaboratively. When first using vi or vim, they are a notable absence, as by default they are not shown. Luckily it’s easy to turn line numbering on.
This guide describes how to select data from a MySQL database table and sort the data by a specific column in ascending or descending order with ORDER by clause using PHP in XAMPP stack.
Under a Linux file system, we have files, folders, and directories. A folder only contains files and a directory contains both folders and files. Each of these files, folders, and directories are associated with an owner, a group, and permission access rights.
This article guide will walk us through determining and changing the ownership of a directory on a Linux system.
Please note that this article seeks to explore viable ways of viewing (not opening) a PDF file from the Linux command-line environment. The creation of the PDF or Portable Document Format file type was inspired to solve/lessen the hurdles that made document sharing between operating systems and computers difficult.
In this guide, we will build a Cloud SQL instance in Google cloud platform using terraform. Terraform allows you to develop cloud infrastructure by automating repetitive tasks.
Creating a Cloud SQL cluster in the console can be tiring, especially if you have to create multiple instances with different parameters such as node types, node sizes etc. Terraform was created to solve that problem. It allows you to have the instructions as code that can be used to plan, deploy, modify, and destroy the clusters programmatically.
A hexadecimal numbering system is ideal for large digital systems as it can hold/represent long binary values. This system is referred to as base-16 because a combined total of 16 (digital and alphabetic) symbols from 0 to F are used to represent it.
In comparison to other numbering systems like decimal, hexadecimal provides a closer visual mapping making it easier to read ad interpret.
ASCII or American Standard Code for Information Interchange makes electronic communication possible through its character encoding standard. Therefore, this standard takes credit for text representation in devices like computers and telecommunication equipment.
An increasing number of Linux users are moving towards Python programming language as the go-to development language for mobile, desktop, and web-based applications. Python is also gaining roots in data science as an effective and powerful tool for complex datasets’ manipulation, analysis, and visualization.
In this guide, we will build a Redis instance in Google cloud platform using terraform. Terraform allows you to develop cloud infrastructure by automating repetitive tasks.
Creating a Redis cluster in the console can be tiring, especially if you have to create multiple instances with different parameters such as node types, node sizes etc. Terraform was created to solve that problem. It allows you to have the instructions as code that can be used to plan, deploy, modify, and destroy the clusters programmatically.
LibreOffice is a free and open-source office suite with a clean interface. It provides most of the tools required for an Office suite like Writer (word processing), Calc (spreadsheets), Impress (presentations), Draw (vector graphics and flowcharts), Base (databases), and Math (formula editing), etc.
We can directly download the LibreOffice Debian packages from its official download page or use the Apt repository for the installation.
This tutorial will help you to install LibreOffice on Ubuntu 22.04 Desktop system.
{Updated} Forgot to edit Linux or Unix/macOS file as sudo user? Want to overwrite without quitting vim on Linux/Unix? Try vim cmd trick and save time.The post How To Save A File In Vim / Vi Without Root Permission With sudo appeared first on nixCraft.
When working with files in bash, it is essential to know whether the particular file or directory exists. Based on the availability of the files and directories, you can perform further operations and tasks. This tutorial will introduce, explain, and demonstrate how to check if a file or directory exists in the specified location. Let’s explore them.
You can install command line tools like those from Linux on macOS but that requires a change to security settings. Learn more.
In this article, we are going to learn how to install and get PostgreSQL 14 up and running on an Ubuntu 20.04 server. PostgreSQL is a powerful, open-source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads.
Do you want to set or update the AWS EC2 or Lightsail hostname without a reboot when using Amazon Linux 2? Here is how to set or change the hostname on Amazon Linux 2 distribution using the ssh client.
Does your Godot-made game or tool (published or work in progress) make you proud? Would you like to showcase it in the upcoming 2022 showreel? Please send us a short video of it!
The first maintenance release of the 22.04 series is out with two out-of-the-box effect templates: Secondary Color Correction and Shut-off as well as a new Box Blur filter. This version fixes incorrect levels displayed in the audio mixer, timeline preview rendering, thumbnail caching and text alignment in the Titler. There is also a reverse option in same track transitions.
We are happy to announce the new Kraft version 0.98 that is available for download.
Kraft is software for the Linux desktop to handle quotes and invoices in the small business.
This is a version packed with bugfixes and also new features. The most important fixes were in the area of the catalog handling: Based on bug reports from the community the catalog window was completely reworked. Drag and drop of items in the catalog, the sorting and reordering of items are now working properly and as planned.
As part of the preparation for the new round of KDE Goals (as described last week), I’ll be interviewing our Goal Champions.
The purpose is to learn what went good, what could’ve gone better and share wisdom to all that are thinking about becoming a new Champion.
Any list of Linux video editors would be incomplete if it didn’t include Pitivi.
I have a real soft spot for this oft-overlooked GTK & GStreamer based non-linear video editor. It’s inherently stable, has a clean, ordered UI, and diligently focuses on ensuring the ‘basics’ of video editing (cutting, arranging, simple effects, simple transitions, etc) are catered for.
As it’s GTK-based means Pitivi looks right at home on GNOME-based desktops. But soon it will look even nicer as a GTK4 port of Pitivi is getting underway as part of this year’s Google Summer of Code.
Under the guidance of GNOME Foundation mentors, developer Aryan Kaushik is going to tackle the not-so-trivial task of updating Pitivi’s UI to GTK4. This effort could improve the application’s performance as well as its overall integration with more recent versions of the GNOME desktop that use the libadwaita stack.
We are happy to announce that GNOME was assigned nine slots for Google Summer of Code projects this year!
GSoC is a program focused on bringing new contributors into open source software development. A number of long term GNOME developers are former GSoC interns, making the program a very valuable entry point for new members in our project.
Following on from updating our equipment policy, we’ve recently also updated our travel policy at the Endless OS Foundation. A major part of this update was to introduce consideration of carbon emissions into the decision making for when and how to travel. I’d like to share what we came up with, as it should be broadly applicable to many other technology organisations, and I’m quite excited that people across the foundation worked to make these changes happen.
As I posted a couple of days ago, taking some time-out from getting the bugs out of Easy Bookworm, to think about some fundamental issues and how they might be fixed.
A big concern is running Easy on a cheap flash drive that does not have wear-leveling. The problem becomes more severe if the working-partition is ext4 with a journal, as the journal writes a lot to the drive.
Another problem, that has also plagued the pups, is that if the working-partition does not have a journal, the filesystem is marked as "not clean" at shutdown.
The latter problem is caused by the aufs layered filesystem being at "/", so we are unable to unmount it at shutdown. Nor are we able to remount the working-partition as read-only, as it is busy.
The box-in-a-box does suggest containers, so is meaningful. Looking at it though, it does seem uninteresting.
We are pleased to announce the release of Alpine Linux 3.16.0, the first in the v3.16 stable series.
Coming six months after Alpine Linux 3.15 and powered by Linux kernel 5.15 LTS, Alpine Linux 3.16 is here to offer users much-improved setup scripts that now better support NVMe devices, allow you to add SSH (Secure Shell) keys and create an administrator user, as well as to introduce a new setup-desktop script to make it easier to install your favorite desktop environment.
Talking about desktop environments, Alpine Linux 3.16 now ships with support for the latest and greatest GNOME 42 and KDE Plasma 5.24 LTS desktops.
Within months the Bank of Georgia IT team had completed implementation and built its SUSE Rancher and Kubernetes environment. It built two clusters (one for development and the other for production) and completed the migration of its core banking applications to the new infrastructure. The team also implemented a stretched Kubernetes cluster over its two data centers that sit miles apart — this stretched cluster is the first of its kind in the region.
We talk a lot about a technology-driven economy, but technology does not solve problems –people do. Technological investments depend on people.
For organizations trying to make a digital transformation, it can feel like people are stuck. Even when shifting to a digital environment is necessary for teams to function, there can be reluctance, hesitation, and in some cases, difficulty adapting to new kinds of communications and behaviors.
Change doesn’t happen overnight. The key to success is the ability to adopt and use new forms of technology. And that means your organization and your people need to overcome a common hurdle: the belief that technology alone will solve all problems. Author and professor Gerald Kane describes overlooking the importance of people in digital transformation as “the technology fallacy.”
Building your organization’s digital acumen is a critical priority for CIOs today. You won’t be future-ready by simply hiring people with the most cutting-edge skills – you also need to create a culture where everyone is continually working on growing and evolving their skills together.
I often tell my IT organization that the half-life of an IT professional is about 18 months because technology is constantly changing; thus, it is critical we are all continual learners. That’s true not only at Johnson & Johnson; I’ve observed this across other companies and industries too.
To support building our IT organization’s digital acumen, we implemented a program that uses artificial intelligence to assess our skills. Not only has this given us tremendous transparency into the strengths and gaps in our organization, but it’s also enabled us to keep our team members marketable and empowered. When you have an empowered team, they are more likely to be motivated to bring their best to their work.
A maximum transmission unit (MTU) is the largest packet that can be transmitted as a single entity over a network connection. Each network node defines the MTU for packets it's transmitting through a standard called path MTU discovery (PMTUD). The goal of PMTUD is to choose the most efficient packet size that will succeed in reaching the recipient. In this article, you'll learn how this process works in the Linux kernel's implementation of the Stream Control Transmission Protocol (SCTP).
Linux SCTP uses an algorithm called Datagram Packetization Layer Path MTU Discovery (DPLPMTUD, or just PLPMTUD), which is described in RFC 8899. Unlike earlier forms of PMTUD, this method does not rely on reception and validation of Packet Too Big (PTB) ICMP messages. The new implementation is therefore more robust than the classical PMTUD.
PLPMTUD for SCTP was implemented in the Linux kernel some months ago and will be supported on versions 8.6 and 9.0 of Red Hat Enterprise Linux.
In the previous article, we outlined how to connect applications that run across hybrid cloud environments. We saw how a layered approach with an enterprise Kubernetes platform, API management and service mesh can address north-south, east-west and network connectivity with the right isolation and separation of concerns.
Hybrid cloud environments and cloud-native applications are evolving, and with them the requirements for application connectivity evolve as well. Therefore, unified solutions that address network and application connectivity concerns together are required to provide abstraction and observability across the environment.
If you’re an engineering student or a robotics fanatic, I’m sure you’ve heard a lot about the Raspberry Pi and Pi projects. The regular Raspberry Pi boards and Pi projects are more often for robotics and simulations. The Pi board 3B, 4B, and higher versions are similar to a single-board computer (SBC). There are many differences between the Raspberry Pi regular boards and the Pi Pico boards. You can build and run projects on the Raspberry Pi Pico boards; on the other hand, you can run a Linux OS to get the full PC experience on traditional Pi boards. However, you can get the Fuzix OS on a Pico board. The Fuzix OS is a very tiny 8-bit OS perfect for a small Pico board.
It’s apparently part of Boufallo Lab SDK (e.g. for BL702 MCU), and has been ported and tested with WCH CH32V307 RISC-V MCU, STMicro STM32F4, and Nuvoton NUC442 Cortex-M4 microcontroller, as well as a two Arm Cortex-M3 microcontrollers I’ve never heard of: EastSoft ES32F3 and MindMotion MM32L3xx.
Qt for Android Automotive creates a bridge between the world of Qt and the Android Automotive environment. It provides excellent flexibility in terms of accessing car data. Depending on the needs, you can use tools for automatic code generation based on a high-level description or ready-to-use QML components.
Transparency and open source go hand-in-hand. But just because Thunderbird’s development work, roadmap, and financials are public, doesn’t always mean they’re well publicized.
That’s where my role as Marketing Manager comes into focus. To shine a spotlight on the numbers, the features, the facts, and the future. I want to keep you informed without you needing to hunt down every scrap of information!
With that in mind, let’s talk about money. Specifically, Thunderbird’s income for 2021, and how it positively affects our team, our product, and our roadmap.
How well do you know Java? Discover something new about one of the great platforms of modern computing.
I am not fluent in any language other than English (and by my proclivity for spelling errors, that may come as a surprise!), and I don't have any natural talent for learning other languages.
I love text-based things, and I love games, and I love creating stuff. So, I guess, coming up with this project makes a lot of sense.
Obviously this isn't a big deal, it's just a minor example of a couple pet peeves: 1) being on the technological fringe (e.g. not on Facebook or Instagram) means you're excluded from things that only exist in the walled garden, and 2) organisations are generally bad at keeping their information up-to-date online.
Microsoft plans to release two feature updates for its Windows operating systems later this year. Work on future feature updates continues unhindered as well, and the first builds of the 2023 feature update version are already available.
[...]
Web addresses may be entered directly to open sites, but any other input is redirected to Microsoft's Bing search engine. All requests are opened in Microsoft's Edge web browser when the search widget is used.
Microsoft has issued an out-of-band patch fixing an issue that caused server or client authentication failures on domain controllers after installing the 10 May 2022 Patch Tuesday updates.
The Patch Tuesday issue was identified by users shortly after the monthly update was issued, and affected services including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP) and Protected Extensible Authentication Protocol (PEAP).
Passwords are securely stored by using a one-way hashing algorithm to generate a representation of the original password. Authentication mechanisms then compare the hash of an entered password with the stored hash value to determine if the password is correct. Because these hashing algorithms are not reversible, the only way to crack a password is to guess passwords and see if there is a hash match. It is therefore important to make the password resistant to cracking so that if a hashed password is compromised, either by gaining access to the database or capturing it from the network, the original password cannot be retrieved and used by an attacker. The way to do that is by using strong passwords.
This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.
A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.
The problem here is that an attacker who has access to the encrypted licence data (whether that be through accessing a phone backup, direct access to the device or remote compromise) could easily brute-force this 4-digit PIN by using a script that would try all 10,000 combinations….
[…]
The second design flaw that is favourable for attackers is that the Digital Driver Licence data is never validated against the back-end authority which is the Service NSW API/database.
This means that the application has no native method to validate the Digital Driver Licence data that exists on the phone and thus cannot perform further actions such as warn users when this data has been modified.
As the Digital Licence is stored on the client’s device, validation should take place to ensure the local copy of the data actually matches the Digital Driver’s Licence data that was originally downloaded from the Service NSW API.
As this verification does not take place, an attacker is able to display the edited data on the Service NSW application without any preventative factors.
Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10).
Mozilla has released security updatesââ¬Â¯to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.ââ¬Â¯Ã¢â¬Â¯
In accordance with the Mozilla Manifesto, which emphasizes the open development of policy that protects users’ privacy and security, we have worked with the Mozilla community over the past several months to improve the Mozilla Root Store Policy (MRSP) so that we can now announce version 2.8, effective June 1, 2022. These policy changes aim to improve the transparency of Certificate Authority (CA) operations and the certificates that they issue.
We’ve written about the appalling security of smart sex toys over the years. Finally, an invite came to give a talk on the subject to a TEDx audience.
I debated whether to give the talk with colleagues, as we’ve never wanted to be pigeon-holed in this space! But we felt that public awareness of the lax security was one of the ways to encourage the toy manufacturers to improve.
Issues such as precise position leakage of LGBT+ people in countries where they were persecuted by authorities were simply too concerning.
IFF wrote to the National Health Authority (NHA) as part of the consultation conducted for the Ayushman Bharat Digital Mission’s Draft Health Data Management Policy (“Draft policy"). Through our inputs, we have tried to highlight the existence of a weak legal foundation and inadequate preparatory groundwork; excessive delegation; a constricted digital consent, confidentiality and privacy framework; over-reliance on an Aadhaar-based authentication system; and, vague systems for anonymisation and de-identification, as well as the complete absence of strict access control requirements for personal health data.
In 2022, there is no business case for spyware technology. Its abuse is tainting the entire tech sector. If the industry’s big players do not step up and take a bold stand on surveillance now, it’s not only the human rights of millions of people at risk, it’s their own futures.
The finance world’s powerbrokers are meeting at the World Economic Forum in Davos this week, and they must seize this opportunity to shut down an unchecked industry that’s bad for their reputations, and disastrous for human rights. We need a moratorium limiting the sale, transfer, and use of these cyber weapons until people’s rights are safeguarded under international human rights law backed by Davos leaders.
The surveillance tech industry has long facilitated gross violations of human rights in darkness — no accountability, no checks and balances. But in recent years, as civil society systematically shone a light on the sector’s harmful impact, companies are facing a colossal blowback. With each new revelation of invasive, warrantless spying — on everyone from journalists and activists, to public health advocates, to heads of state — the surveillance industry’s malpractice is thrust into the public realm. This may be just the start of the industry’s end.
[...]
These actions follow calls by U.N. human rights experts — echoed by Costa Rica — for a global moratorium on the sale, transfer, and use of private surveillance technologies until human rights-compliant laws and regulatory frameworks are in place.
Not even the tech industry wants surveillance tech in its ranks, and companies that are impacted by spyware are reacting. WhatsApp and Apple are suing NSO Group in separate cases, Amazon shut down infrastructure and accounts linked to NSO Group, and Meta removed seven “surveillance-for-hire” operations that targeted over 50,000 Facebook users. Google spoke up, dropping a meticulous report on a recent NSO Group attack.
Capital One rules in my favor against Batteries Plus Bulbs, but I’m not even sure if I’ve won.
This dispute has been going on since April 15th. Today I got another letter from Capital One that my amended argument has been accepted against Batteries Plus Bulbs, in which I argued that since I had to have my Buick remote reprogrammed and a new key cut at Anthony Buick GMC in Gurnee, Illinois, and that since Bhushan Chouhan, the store owner, refunded me for the mechanical key, I was still owed $69.99 for a programming job that he didn’t provide, but that I agreed to drop the rest of the dispute.
Meta tried to put a positive spin on its latest news about Facebook, but it’s still alarming. The “widely-viewed content report” was shared with a new way of calculating which links belong in the top positions, but it really shows that much of its most-read content on Facebook is spam.
I'm really pleased with Gemipedia, both in people's response to it, and also just how much I'm personally using it. I've basically stopped using the dedicated Wikipedia app on my phone, and use it exclusive on my Kindle. Since launching it about 2 weeks ago, I've been hard at working improving it.
I received some feedback on the first part of interviews about the internet with children that I’d like to share publicly here. Thank you! Your thoughts and experiences are important to me!
[...]
Thanks :) I’m happy and touched that these interviews prompted your wonderful reactions, and I hope that there’ll be more to come on this topic. I’m working on it!