Bonum Certa Men Certa

Links 16/06/2022: Cambalache 0.10.0 and Fwupd 1.7.8



  • GNU/Linux

    • Supporting Scientific Training with Cloud Resources | Newsroom

      The team quickly decided to provide the Ubuntu Linux environments within the Google Cloud Platform (GCP). Each Linux system provided 16 CPUs, 104 GB RAM, and 500 GB of attached disk space to meet the computational need. Hemant Kelkar developed a custom Linux image with the tools needed for the class including R, conda, and jupyter. Final configuration and testing was completed just days prior to the start of the workshop with 30 identical custom Ubuntu Linux systems ready for student use.

    • Megacable taps Oregan Networks for set-top upcycling

      Oregan says that the latest release of the Linux-based Zenterio OS enables UX performance gains, as well as enabling access to premium content applications such as Netflix and Amazon Prime Video on the installed base of set-tops.

    • Desktop/Laptop

      • Make Use Of7 Ways Windows 11 Is Similar to Linux Desktops [Ed: Microsoft is basically copying GNU/Linux or KDE]

        While Windows and Linux have long since been rivals, Windows 11 is more like a desktop Linux distribution than you might think, no matter which side of the aisle you're on. Here are some of the reasons why.

        [...]

        Linux desktops and macOS have had a similar feature. Microsoft had its own "gadgets" for a while before discontinuing the idea, but it seems to have come back. It's the latest iteration of an "active desktop" incorporating content downloaded from the internet. It seems that Microsoft can't give up on the idea as other OSes implement this feature.

    • Audiocasts/Shows

      • VideoUbuntu 22.04 Is Unstable & Systemd OOMD Is Why! - Invidious

        Have apps been randombly crashing on Ubuntu 22.04, you leave your system for a bit and all your work is gone, and sometimes even the Gnome shell, well cause is a new tool brought into Ubuntu 22.04 called Systemd OOMD

      • Linux in the Ham ShackLHS Episode #471: Hamshack Hotline Deep Dive (Part 1)

        Welcome to the 471st installment of Linux in the Ham Shack. In this episode, we take a look into the amateur radio operator related PBX system called Hamshack Hotline. HH is a network of hams around the world connected with VoIP phones which can be used for ragchew, tactical communication, troubleshooting and more. This Part 1 episode looks at the hardware and software requirements, documentation, initial setup procedure, common features and use cases and more. Thanks for listening and have a great week. Also, try out HH. It's a lot of fun.

      • FLOSS Weekly 685: DIDs and DIDcomm - Sam Curren, Importance of DIDs

        Sam Curren unpacks for Doc Searls and Dan Lynch why DIDs and DIDcomm are the best approach to identity—and to making people first-class citizens on the Internet. Curren also discusses the origin story of picos and the advantages of nomadic living and hacking.

      • mintCast Pocast387.5 – If you were to build a distro… – mintCast

        00:33 Linux Innards 33:47 Vibrations From the Ether 42:33 Announcements

        In our Innards section we discuss how we would build our own distro

    • Kernel Space

      • Make Use OfFwupd 1.7.8 Takes the Pain out of Linux Firmware Updates

        Fwupd version 1.7.8, a tool for updating firmware from Linux, has been released. The new version adds more supported devices and improves existing hardware support.

        What's New in Fwupd 1.7.8?

        Fwupd 1.7.8 mainly concentrates on enhancing hardware support. The new version adds support for PixArt and FlatFrog devices. There are also a number of bug fixes to improve reliability when installing firmware with certain devices.

        The program can be downloaded directly from the project's GitHub page or installed using a standard Linux package manager.

    • Graphics Stack

      • CollaboraAdding secondary command buffers to PanVk

        For those who don't know yet, Panfrost is the open source OpenGL driver for the ARM Mali Midgard, Bifrost (and soon Valhall) GPU series. This driver is in a pretty good state already (see the conformance status here). On the other hand, we have PanVk, the open source Vulkan driver), and as can be guessed from the PAN_I_WANT_A_BROKEN_VULKAN_DRIVER=1 environment variable that is needed to have it loaded properly, it is still in its early days.

        My internship, which started in December 2021 and wrapped up recently, was about getting PanVk closer to conformancy by implementing one of the core Vulkan features: support for secondary command buffers.

        But before we dive into implementation details, let's take a step back to explain what command buffers are, why Vulkan introduced this concept, and what makes secondary command buffers different from the primary counterpart.

    • Applications

      • Make Use OfThe 7 Best Command-Line Music Players for Linux

        Linux has a powerful command line, and it is an essential utility for major operations in the Linux operating system. It is particularly useful for system-level administrative tasks such as installing or uninstalling software, folder or file operations, user management, and much more.

        Linux command line also provides a unique and not-so-well-known music player feature. You can listen to your favorite music using music players based on the command line.

        These music players are fast and consume less memory compared to GUI apps. So, let’s look at some of your best options for command-line music players.

    • Instructionals/Technical

      • TechRepublicHow to install the SFTPGo STFP server on Ubuntu 22.04 | TechRepublic

        SFTPGo is an open-source SFTP server that is highly configurable and offers plenty of features to make it a viable option for just about any type of business or even home usage. SFTPGo supports a number of storage backends, such as local filesystem, encrypted file systems, S3 Object Storage, Google Cloud Storage, Azure Blob Storage, and even other SFTP Servers.

        SFTPGo is available for Linux, FreeBSD, macOS, and Windows. I want to walk you through the process of deploying SFTPGo on Ubuntu Server 22.04, so you can enjoy a fully-featured SFTP server on your network.

      • ZDNetHow to enable Linux on your Chromebook (and why you should) | ZDNet

        A few years ago, Google made it possible to add Linux support to Chrome OS. By doing this, anyone could install Linux apps on their Chromebook and take advantage of the powerful Linux command-line interface.

        For any Chromebook user who'd like to be able to run more standard applications, this is a great way to expand Chrome OS. And, because it's Linux, there are tons of applications that can be installed. For instance, if you prefer a regular email client, you can install the likes of Thunderbird or Geary. Want a different browser? Install Firefox. Need an image editor? Install GIMP.

      • HowTo ForgeHow to Install PhpMyAdmin with Free Let's Encrypt SSL on Ubuntu 22.04

        phpMyAdmin is a free, open-source, and web-based application used for managing databases via a web browser. It provides a simple and user-friendly web interface that helps database administrators to query and manage MySQL and MariaDB databases.

      • uni TorontoIn general Unix system calls are not cancellable, just abortable

        One of the common wishes in environments and languages that support concurrency is for (Unix) system calls to be cancellable in the way that other operations often are. Unfortunately this is not practical, which is part of why a lot of such environments don't try to support it (Go is famously one of them, which makes people unhappy since it does have a 'context' package that can cancel other things).

        All or almost all Unix system calls can be aborted, which is to say that you can interrupt them before they complete and force control to return to the program. However, when you abort a system call this way the effects of the system call may be either incomplete or indeterminate, leaving you with either broken state or unusable state (or at least a peculiar state that you have to sort out). For example, if a close() is aborted, the state of the file descriptor involved is explicitly unknown. Only some Unix system calls can be cancelled, which is to say stopped with things in some orderly and known state. Often these system calls are the least interesting ones because all they do is inquire about the state of things, such as what file descriptors are ready or whether you have dead or stopped children.

        Some interesting system calls can be cancelled under some but not all situations using special mechanisms that may have side effects. You may be able to relatively cleanly cancel certain network IO by setting the file descriptor to non-blocking, for example, but this will probably have done some IO and might affect other threads if they immediately try to do IO on the file descriptor before you can set it back to blocking.

      • Linux.orgKOMOREBI - Active Desktop Wallpaper | Linux.org

        Komorebi (koh-moh-rey-bee) is Japanese for the light that filters through the leaves of the trees. This can paint a beautiful picture in the imagination.

        What Komorebi is, is a program to allow for active desktop wallpaper. Which means you can have wallpaper that is visually interactive. Moving wallpaper or live websites.

      • Linux Cloud VPSHow to Install Matrix Synapse on Ubuntu 20.04 | LinuxCloudVPS Blog

        In this tutorial, we are going to show you how to install Matrix Synapse on Ubuntu 20.04 OS.

        Matrix Synapse is an open-source chat application written in Python, used for real-time communication for VOIP services and instant messaging. Synapse is developed to implement the matrix for decentralized communication which can store personal data from the chat history, user data and etc. In this tutorial, we will install Matrix Synapse with Apache as a reverse proxy.

        The installation is very easy and can take up to 30 minutes. Let’s get started!

      • ID RootHow To Install Hestia Control Panel on Debian 11 - idroot

        In this tutorial, we will show you how to install Hestia Control Panel on Debian 11. For those of you who didn’t know, Hestia Control Panel is a robust, open-source web hosting control panel that can be used to manage websites, mail servers, DNS, and other web hosting functions from one central dashboard without the hassle of manually deploying and configuring individual components or services.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Hestia Control Panel on a Debian 11 (Bullseye).

      • LinuxOpSysHostname Command in Linux - 12 Examples with All Options

        A hostname is a name that is given to a computer and used to identify the computer in a network. In this tutorial, we learn about hostname command in Linux with practical examples.

      • Linux Made SimpleHow to install Ultimate Sonic Mugen on a Chromebook

        Today we are looking at how to install Ultimate Sonic Mugen on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

    • Desktop Environments/WMs

  • Distributions and Operating Systems

    • BSD

      • OpenBSD

        I've used Linux for a while and know my way around it and like system administration, so, to propose a challenge to myself, I'm trying OpenBSD. This is the first ever BSD I use. The closest BSD-like system I've used is probably Void Linux, as it resembles the BSDs with the package management inspired by ports.

        I've went ahead and got OpenBSD 7.1 and flashed it to my USB drive. I've went through the installation setup, I like the question-based installer, especially the fact that you can drop to a shell anytime and resume it. After rebooting, I took care of installing doas(1), and I went with an X session to see if I can get it all working. Compiling my suckless utilities has been fine, no problems whatsoever, the required development packages have been included in the X set and everything compiled fast with no issues. X ran out of the box, I just copied my xinitrc over and that was it.

      • New team member: Mehmet Mert Gunduz

        We are happy to announce that Mehmet Mert Gunduz has joined our team. He did a great job modernizing the NomadBSD website.

    • Canonical/Ubuntu Family

      • LinuxInsiderUbuntu Core 22 Release Addresses Challenges of IoT, Edge Computing | LinuxInsider

        Canonical is pushing the security and usability conveniences of managing internet of things (IoT) and edge devices with its June 15 release of Ubuntu Core 22, the fully containerized Ubuntu 22.04 LTS variant optimized for IoT and edge devices.

        Combined with Canonical’s technology offer, this release brings Ubuntu’s operating system and services to a complete range of embedded and IoT devices. The new release includes a fully preemptible kernel to ensure time-bound responses. Canonical partners with silicon and hardware manufacturers to enable advanced real-time features out of the box on Ubuntu Certified Hardware.

        “Our goal at Canonical is to provide secure, reliable open-source everywhere — from the development environment to the cloud, down to the edge and to devices,” said Mark Shuttleworth, CEO of Canonical. “With this release and Ubuntu’s real-time kernel, we are ready to expand the benefits of Ubuntu Core across the entire embedded world.”

        One of the important things about Ubuntu Core is that it is effectively Ubuntu. It is fully containerized. All the applications, kernel, and operating system are strictly confined snaps.

      • ZDNetUbuntu Core brings real-time processing to Linux IoT

        Most of you know Ubuntu as a desktop operating system; others know it as an outstanding server Linux or as a tremendously popular cloud OS. But Canonical, Ubuntu's parent company, is also a serious player in the Internet of Things (IoT) arena. And with its latest IoT release, Ubuntu Core 22, Canonical brings real-time processing to the table.

      • NeowinCanonical releases Ubuntu Core 22 designed for IoT and embedded devices - Neowin

        Canonical has announced the release of Ubuntu Core 22, a version of Ubuntu 22.04 LTS that is fully containerised and designed for IoT and embedded devices. If you have some use cases for Ubuntu Core 22, you can download it now.

        On Ubuntu Core, all of the software is containerised – this is a fancy way of saying everything comes as a snap package. This allows seamless over-the-air updates of the kernel, operating system, and applications. By using snaps, apps won’t run into any dependency issues as they are all packaged with the software. If anything goes wrong with an update, the system will automatically roll back to the previous working version.

        Canonical describes Ubuntu Core 22 as low touch because it comes with enhanced security measures out of the box. These measures include secure boot, full disk encryption, secure recovery, and strict confinement of the OS and apps. Canonical delivers 10 years of updates for Ubuntu Core 22 so once you have it in place you won’t need to mess with it for a while.

  • Free, Libre, and Open Source Software

    • RlangCommunication & Collaboration with Contributors in an Open-Source Organization | R-bloggers

      At rOpenSci, many packages are maintained by volunteer community members, and similarly at The Carpentries lessons are maintained by volunteer community members. We’re very thankful for the effort our volunteers put into that role and our organisations could literally not run without their work. However, sometimes infrastructure changes are decided centrally. For example, requiring two-factor authentication for all GitHub organization members at rOpenSci or overhauling the foundation of the lesson infrastructure at The Carpentries. In this post, we shall share some insights from our experiences regarding how we, as staff members, best support our volunteers through these transformations.

    • HaikuOS[GSoC 2022] XFS : Community Bonding Progress | Haiku Project

      I started my work with moving CRC calculation files from ext2 driver to shared folder (so that it can be used by every other filesystem that needs it) and made it fs_shell compatible. CRC’s are used to detect minor corruption in filesystem and is one of the major features introduced for xfs version 5 as metadata checksumming.

      Being a math nerd I was quite intrigued by how crc’s are getting calculated, so I thought why not study about it in depth?

      I referred to “A Painless Guide to CRC Error Detection Algorithms” book and got basic understanding of how crc is calculated, which polynomials are used, brute force method for computing crc and finally optimised tabular approach. Don’t go by book title though, it was anything but painless :')

      After that I quickly moved to implementing xfs V5 superblock fields, Macros, functions for checksum verification, and other essential stuff.

      Soon I hit a bug in superblock CRC verification and it took me quite some time to get it all fixed, shoutout to PulkoMandy for helping me get all things right in crc verification for superblock and answering lots of my queries.

    • GNU Projects

      • LinuxiacGIMP 2.10.32 Image Editor Comes with a Host of New Features

        GIMP 2.10.32 comes with support for 8 and 16-bit CMYK TIFF files, support for localized glyphs, and many other features.

        GIMP has traditionally been recognized as one of the best free alternatives to professional image editing software such as Photoshop. It is a bitmap/pixel-based image editing software that can be used to edit and retouch photos and create images and animations.

        While the 2.10.30 version released half a year ago was primarily a bugfix release, the new GIMP 2.10.32 focuses on improvements and new features. Let’s take a look at them.

      • Ubuntu HandbookGIMP 2.10.32 Released with BigTIFF / JPEG-XL Support [Ubuntu PPA]

        GIMP image editor released a new update for its stable 2.10 release series. Here’s what’s new and how to install in Ubuntu.

        GIMP 2.10.32 comes with BigTIFF file import/export support, which is an evolution of the original TIFF format allowing files bigger than 4GiB. It also supports for importing 8 and 16-bit CMYK(A) TIFF in this release.

      • TalerGNU Taler Scalability

        Anonymity loves company. Hence, to provide the best possible anonymity to GNU Taler users, the scalability of individual installations of a Taler payment service matters. While our design scales nicely on paper, NGI Fed4Fire+ enabled us to evaluate the transaction rates that could be achieved with the actual implementation. Experiments were conducted by Marco Boss for his Bachelor's thesis at the Bern University of Applied Sciences to assess bottlenecks and suggest avenues for further improvement.

    • Programming/Development

      • EarthlyValidate Your YAML (with CUE)

        I’ve complained before about using YAML when a programming language is what’s needed. But, when you’ve got configuring to do, YAML is pretty useful. It’s so much nicer to read and write than the XML I had to write back in the early days of Java development. But one advantage XML had over YAML was that XML schemas were commonly used and so I wouldn’t get errors like this...

      • RlangExploring your database with shiny | R-bloggers

        Several of my recent blog posts have been focussed on using {purrr} and {glue} to programatically query a database.

        This is something I’d been wanting to achieve for some time, but my efforts got put on hold when COVID-19 came along.

        The general approach is to use a config file to denote the relevant tables and columns, along with the server and database details.

        These then get fed into flexible SQL queries, using purrr to loop over each table then merging the results.

        Over the last few weeks at work I have been refining this and building a shiny dashboard to visualise the data.

    • Standards/Consortia

      • Edward BettsFind link needs a rewrite, the visual editor broke it

        Find link is a tool that I wrote for adding links between articles in Wikipedia. Given an article title, find link will find other articles that include the entered article title but no link to the article. There is the option to edit the found articles and add the missing link.

      • Chen HuiJingCSS card shadow effects

        Card-style components are pretty much still a thing these days, and there are many ways to make a bunch of identical rectangles look prettier. I’m quite fond of the pop art, or maybe it’s more of a comic book style art direction that uses thick bold outlines and bright colours.

  • Leftovers

    • A confession...

      I have something to confess. I don't really know how to put this into words but I feel like a failure. It's not because I have certain expectations of myself or because of any event that happened... It's just that I can't keep promises with myself.

    • Creative universe

      I have been participating in an annual work-internal project contest (we call it Pet Project contest) since I moved to London and switched jobs to my current employer

    • elizabeth hardwick

      Among Hardwick’s most notable contributions to American letters is The New York Review of Books. In “The Decline of Book Reviewing,” a mission statement for the periodical she would launch to such prominence, Hardwick argues for the necessity of rehabilitating the art of aesthetic judgment in literary matters.

    • Science

      • Lessons From Deploying Deep Learning To Production

        When I started my first job out of college, I thought I knew a fair amount about machine learning. I had done two internships at Pinterest and Khan Academy building machine learning systems. I spent my last year at Berkeley doing research in deep learning for computer vision and working on Caffe, one of the first popular deep learning libraries. After I graduated, I joined a small startup called Cruise that was building self-driving cars. Now I’m at Aquarium, where I get to help a multitude of companies deploying deep learning models to solve important problems for society.

      • IEEEWhat Is Quantum Entanglement? - IEEE Spectrum

        When pushed to explain why quantum computers can outspeed classical computers, stories about quantum computing often invoke a mysterious property called “entanglement.” Qubits, the reader is assured, can somehow be quantum mechanically entangled such that they depend on one another. If more detail is needed, the reader is told that entanglement links qubits no matter how far apart they are—so long as the qubits are “coherent.”

        For the reader, things are far from coherent. Sure, entanglement is an important aspect of quantum computing. But what exactly is it?

        In a few words, entanglement is when multiple objects—such as a pair of electrons or photons—share a single quantum state. Like threads in a tangle of yarn, entangled objects cannot be described as independent entities.

        That explanation might be poetic, but it shouldn’t be satisfying. Things are not so simple or concrete. But with a little bit of high-school-level math (near the end of this story), our intuitions—based on a lifetime of classical physics—can be retrained and redirected just a bit.

    • Hardware

      • The Register UKLenovo opens first in-house European factory in Hungary ● The Register

        Lenovo has officially opened its first manufacturing facility in Europe, to locally build servers, storage systems and high-end PC workstations for customers across Europe, Middle East, and Africa.

      • Ruben SchadeMy own drive reliability stats

        Backblaze publishes drive reliability data at scale, but what about a random person on the Internet with his small homelab setup? For all my talk about drives over the years, I’ve never shared my own broad experience.

        These are the drive manufacturers I’ve had since 2017, with failures defined as having multiple ZFS scrubs detecting bad sectors, or the drive outright failing to turn on.

    • Health/Nutrition/Agriculture

      • Off GuardianPouring Poison and Planting Seeds of Dependency

        However, there has been intense lobbying from the agriculture biotech industry to weaken the legislation, aided financially by the Gates Foundation.

        Since 2018, top agribusiness and biotech corporations have spent almost €37 million lobbying the European Union. They have had 182 meetings with European Commissioners, their cabinets and director generals. More than one meeting a week.

      • Stacy on IoTWasting away again in Margaritaville - Stacey on IoT | Internet of Things news and analysis

        I swear at some point I will stop writing about COVID-19, but in the meantime, it keeps affecting my life. I spent this past week holed up in a hotel room in Puerto Rico while taking care of my teenager, who caught COVID on a class trip. And since this is my second forced quarantine during travel, I’ve once again been forced to question why I’m stuck in another hotel as part of a quarantine.

        In the U.S., COVID is clearly continuing to spread among the population. But while on one hand we are told to quarantine, on the other hand we are also allowed to get on planes and travel domestically without having to be tested or wear masks. That said, my focus here is not on our inconsistent (and at times incomprehensible) COVID-related travel requirements, but on our exposure notification programs, because that’s where my personal drama connects with my professional interests.

    • Proprietary

      • Krebs On Security“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison – Krebs on Security

        A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.

      • Oli Warner: Goodbye Internet Explorer

        But what will people download Chrome with now?

        Raise a glass, kiss your wife, hug your children. It’s finally gone.

      • DaemonFC (Ryan Farmer)The death of Internet Explorer has been greatly exaggerated

        The death of Internet Explorer has been greatly exaggerated.

        Yesterday and today, there have been numerous articles about Microsoft “removing” Internet Explorer from Windows (it has never been usable in Windows “11” apparently, but has been “removed” from Windows 10).

        But like other mistakes and cruft, Internet Explorer is a part of the Win32 API and cannot be removed without bricking numerous applications and Web sites, and corporate Intranet applications, so it is still there. You just can’t use it directly.

        Microsoft has disabled about 1% of Internet Explorer, which was the part that you could visibly see, and open as an application. The other 99%, the MSHTML “Trident” engine is still there. In fact, you could write or run a Web browser that embeds it and continue to browse with it now, although that would be a serious mistake due to its infamous security history and incompatibility with standards-compliant Web sites.

        In fact, Windows now embeds MSHTML/Trident into their latest disaster, the Chromium-based Edge, which is packed with malware and spyware directly from Microsoft, including a keylogger trojan called “SmartScreen” and “Windows Defender”.

        In the sense that Windows Defender is a security program, it’s like being accused of a crime as a poor person in America and getting stuck with the public defender, which your county funds 5-10% as much as the other guys who may be trying to frame you. In the sense that it sends your keystrokes and file hashes to Microsoft, it’s malware in and of itself.

    • Linux Foundation

    • Security

      • eSecurity PlanetRapid7 InsightIDR Testing & Review

        As companies continue to get breached by the hour, IT and security teams are constantly scrambling their defenses in hopes of eradicating attackers from their networks. The (sort of) good news is that security software and hardware vendors are overflowing with product and service offerings designed to help you. Many of them even promise to keep the bad guys and gals out of your systems 24 hours a day, 7 days a week!

        So all you have to do is get out your credit card, install one of these products and get a good night’s sleep, right? Unfortunately, during the penetration tests we do for clients around the country, we find time and time again that these expensive security solutions have considerable blind spots. Many fail to fully detect even the most basic attacks. And security products also need to be fine-tuned for your environment; default settings will not cover all concerns specific to your environment.

      • FOSSLifeWhat Does Zero Trust Mean? [Ed: This has been turned into a cynical buzzphrase leveraged by companies that put back doors inside things]

        With the continued rise of security breaches, ransomware attacks, and other cybersecurity threats, now is the time to update and improve your security policies and practices. And, in the context of developing a cybersecurity strategy, you’ll likely see the term “zero trust” mentioned frequently, but what does it mean?

        The zero trust concept has been around for a while to describe strict security and access control policies implemented as companies have outgrown the old, perimeter-based “trust but verify” approach. In fact, NIST released a special publication explaining the basics of Zero Trust Architecture back in 2020. In this article, we’ll look more closely at what zero trust does and does not mean.

      • CSONebulon bakes bare-metal Linux ransomware protection into the bootloader [Ed: As if the bootloader is the risk; this is marketeering from Jon Gold, who came back just for this]

        Smart infrastructure vendor Nebulon today announced that its latest offerings provide newly hardened backups for configuration and snapshots, in an effort to add a new tool to the antiransomware arsenal for Linux systems.

        The idea, according to Nebulon, is to protect against the problem of misconfigured servers and dated server configurations in Linux systems. This is a particularly serious problem in IT shops where configuration and patch management aren't handled in a centrally organized way.

      • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

        • TechRepublicNew botnet and cryptominer Panchan attacking Linux servers | TechRepublic

          Panchan is going after telecom and education providers using novel and unique methods to thwart defenses and escalate privileges.

        • Silicon AnglePanchcan’ P2P botnet and SSH worm actively breaching Linux servers [Ed: Here they go again blaming Go, an actual computer language, and a kernel... for having malware installed on top of it... somehow]

          Researchers at Akamai Technologies Inc. today said they have discovered a new peer-to-peer botnet and SSH worm that has been actively breaching Linux servers. Dubbed “Panchan,” the botnet and SSH worm was first spotted in March and is written in the Golang programming language.

    • Defence/Aggression

    • Transparency/Investigative Reporting

      • Xe's BlogSite Update: Salary Transparency Page Added - Xe

        Image generated by MidJourney -- hatsune miku, elden ring, dark souls, concept art, crowbar I have added a salary transparency page to the blog. This page lists my salary for every job I've had in tech. I have had this data open to the public for years, but I feel this should be more prominently displayed on my website.

        As someone who has seen pay discrimination work in action first-hand, data is one of the ways that we can end this pointless hiding of information that leads to people being uninformed and hurt by their lack of knowledge. By laying my hand out in the open like this, I hope to ensure that people are better informed about how much money they can make, so that they can be paid equally for equal work.

        Raw, machine processable data (including employer names) is available at /api/salary_transparency.json. The JSON format is not stable. Do not treat it as such. I reserve the right to change the formatting or semantics of the JSON format at any time without warning. The raw data is in /dhall/jobHistory.dhall in my site's git repository.

    • Finance

      • RetailWireFood prices are going up, up, up. Inflation is tough, tough, tough. – RetailWire

        The Bureau of Labor Statistics on Friday reported that food-at-home prices rose 11.9 percent over the last 12 months, the largest increase since April 1979.

        Categories experiencing the largest price hikes were typically meal staples.

        Among categories seeing notably high inflation in May were eggs, up 32.2 percent year over year; butter and margarine, 20.2 percent; chicken, 17.4 percent; citrus fruits, 16.1 percent; milk, 15.9 percent; coffee, 15.3 percent; ground beef, 13.6 percent; baby food, 12.9 percent; and rice, pasta and cornmeal, 12.8 percent. Food-away-from-home prices rose 7.4 percent.

    • Civil Rights/Policing

      • AccessNowU.N. experts at RightsCon: digital rights violations enable and escalate violence during crises - Access Now

        As RightsCon 2022 — the world’s leading summit on human rights in the digital age — concludes, the work to drive global change continues.

        Access Now welcomes a timely U.N. Special Rapporteur joint statement that draws the world’s attention to digital rights in conflict and humanitarian crises, released at the conclusion of the 11th iteration of the global summit.

        The five U.N. Special Rapporteurs — who actively engaged at RightsCon on June 6-10 — emphasize that digital rights violations enable and escalate offline violence, deepening conflict and humanitarian crises worldwide. In particular, they shone the spotlight on “shrinking civic space and rising digital authoritarianism through internet shutdowns, targeted surveillance, cyber and physical attacks on critical broadcast and communications infrastructure, the use of drones by domestic law enforcement, as well as disinformation and smear campaigns,” during such crises — where they ultimately stressed “the need for accountability under international law.”

    • Digital Restrictions (DRM)

      • DaemonFC (Ryan Farmer)Sonos sends unwanted speakers, bills customers for all of them, and then demands them back for a refund.

        According to US federal law, if someone sends you something you didn’t order, you can keep it, use it, and don’t have to pay for it, so it’s unclear how this is even legal.

        They even sent one customer who ordered five items six of each item, for a total of thirty shipments resulting in a bill for more than $15,000.

        This is actually very easy to dispute. Initiate a credit card billing dispute/chargeback, which is your right under federal law.

        Explain to your credit card company that you did not order all of the products that Sonos sent you.

        Send the card company a letter to this effect and a copy of your original invoice for what you ordered.

        [...]

        You may have to go back and forth with the card company several times explaining the FTC’s rule, but you should be able to chargeback the unapproved amount and keep the stuff.

        Then file a complaint against Sonos with the FTC and your state’s Attorney General’s office.

        When you are done, the unwanted merchandise is yours to keep, give away, donate, or sell. And it’s the law.



Recent Techrights' Posts

Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries
Links 26/03/2024: Inflation Problems, Strikes in Finland
Links for the day
Gemini Links 26/03/2024: Losing Children, Carbon Tax Discussed
Links for the day
Mark Shuttleworth resigns from Debian: volunteer suicide and Albania questions unanswered, mass resignations continue
Reprinted with permission from Daniel Pocock
Links 26/03/2024: 6,000 Layoffs at Dell, Microsoft “XBox is in Real Trouble as a Hardware Manufacturer”
Links for the day
Gemini Links 26/03/2024: Microsofters Still Trying to 'Extend' Gemini Protocol
Links for the day
Look What IBM's Red Hat is Turning CentOS Into
For 17 years our site ran on CentOS. Thankfully we're done with that...
The Julian Paul Assange Verdict: The High Court Has Granted Assange Leave to Appeal Extradition to the United States, Decision Adjourned to May 20th Pending Assurances
The decision is out
The Microsoft and Apple Antitrust Issues Have Some But Not Many Commonalities
gist of the comparison to Microsoft
ZDNet, Sponsored by Microsoft for Paid-for Propaganda (in 'Article' Clothing), Has Added Pop-Up or Overlay to All Pages, Saying "813 Partners Will Store and Access Information on Your Device"
Avoiding ZDNet may become imperative given what it has turned into
Julian Assange Verdict 3 Hours Away
Their decision is due to be published at 1030 GMT
People Who Cover Suicide Aren't Suicidal
Assange didn't just "deteriorate". This deterioration was involuntary and very much imposed upon him.
Overworking Kills
The body usually (but not always) knows best
Former Red Hat Chief (CEO), Who Decided to Leave the Company Earlier This Month, Talks About "Cloud Company Red Hat" to CNBC
shows a lack of foresight and dependence on buzzwords
IRC Proceedings: Monday, March 25, 2024
IRC logs for Monday, March 25, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Discord Does Not Make Money, It's Spying on People and Selling Data/Control (38% is Allegedly Controlled by the Communist Party of China)
a considerable share exists
In At Least Two Nations Windows is Now Measured at 2% "Market Share" (Microsoft Really Does Not Want People to Notice That)
Ignore the mindless "AI"-washing
Internet Relay Chat (IRC) Still Has Hundreds of Thousands of Simultaneously-Online Unique Users
The scale of IRC