Bonum Certa Men Certa

Links 13/10/2022: PostgreSQL 15, Linux Kernel WLAN Bug, and 'Ads' in the Ubuntu Terminal Upset Users



  • GNU/Linux

    • Desktop/Laptop

    • Audiocasts/Shows

    • Kernel Space

      • Sec ListsVarious Linux Kernel WLAN security issues (RCE/DOS) found
      • LWN[oss-security] Various Linux Kernel WLAN security issues (RCE/DOS) found
        Security Researcher Soenke Huster from Tu Darmstadt (
        shuster@seemoo.tu-darmstadt.de ) emailed SUSE with a buffer overwrite in
        the Linux Kernel mac80211 framework triggered by WLAN frames.
        
        

        We delegated the issue to the kernel security folks, and Soenke and Johannes Berg from Intel evaluated and worked on this issue.

        During their research they found multiple more problems in the WLAN stack, exploitable over the air.
      • LWNSome remotely exploitable kernel WiFi vulnerabilities [LWN.net]

        It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.

    • Benchmarks

      • NeowinWindows 11 22H2 can’t keep up with Linux 6.0 and Ubuntu 22.10 on AMD Ryzen 7950X - Neowin

        The last month or so has been pretty eventful when it comes to product launches. Among them, some of the biggest highlights have been the release of the Windows 11 version 2022 (22H2) feature update and AMD's Zen 4-based Ryzen 7000 CPUs. As such, Phoronix decided to take the flagship Ryzen 9 7950X for a ride on the new Windows 11 22H2 update and compare it against other Linux-based distros.

    • Applications

      • Make Use OfHow to Keep Your Linux System Up to Date With Topgrade

        Upgrading packages on your Linux machine can be cumbersome. Here's how to use Topgrade to update almost everything on your Linux desktop at once.

        Updating a Linux machine is a painstakingly tedious task. One that involves running a bunch of commands to get everything from system elements to third-party packages and tools running on the latest version.

        But thankfully, similar to most things on Linux, there's a tool to facilitate this process too. It's called Topgrade, and it lets you update your entire system using a single command.

        Follow along as we check out Topgrade in detail and show you how you can use it to keep your Linux system up to date.

    • Instructionals/Technical

      • Configuring Centralized Kubectl Access to Clusters With Paralus - Container Journal

        Kubectl is one of the most popular tools used to work with Kubernetes. The command line tool allows you to deploy applications, inspect and manage resources. It basically authenticates with the control plane for your cluster and makes API calls to the Kubernetes API. In short, if you are working with Kubernetes you will use kubectl the most.

      • Kali LinuxCommunity Showcase: Raspberry Pi Zero W P4wnP1 A.L.O.A. | Kali Linux Blog

        The Kali community has been hard at work (as always!), and we want to showcase what we think is a very cool project of Kali Linux on a Raspberry Pi Zero W, the “P4wnP1 A.L.O.A. (A Little Offensive Application)”.

        It takes the standard Kali Linux image and adds custom software and some extra firmware designed for the Raspberry Pi Zero W to turn it into a Swiss Army knife of attacks and exfiltration.

        This blog post will be a brief overview of how to get started using the web interface, setting up a trigger as well as installing additional packages found in Kali Linux. There is a lot more to P4wnP1 than this blog post goes over, which is why we have included additional reading material from the community which cover additional attack scenarios as well as more payloads that people have written if you want to go deeper!

        If you have a Raspberry Pi Zero W, we highly recommend giving this image a try. We see this as a great tool in any tester’s toolkit!

      • H2S MediaHow to set Terminator as default terminal in Ubuntu 22.04 or 20.04

        Get the simple steps to install and set the Terminator terminal as the default one on Ubuntu 22.04 Jammy Jellyfish or 20.04 Focal fossa to run the commands.

        If you are looking for a great Terminal emulator for the GNOME desktop environment, the Terminator Terminal emulator is one of the best for you. Among other features of the Terminator emulator, it solves the problem associated with opening multiple tabs in a single Terminal window. You can seamlessly arrange the Terminal tabs with Terminator.

        Terminator basically comes with a lot of customization options, which can help you arrange the Terminals in a grid-shaped arrangement, besides support for multiple tabs. With the number of key bindings, you can carry out the most common activities, and you can easily drag and drop tabs for the purpose of ordering them and enjoy a streamlined workflow. Terminator has support typing the same text in multiple Terminal instances at the same time, which can also be useful in certain situations. Learn how to install Terminator on Ubuntu 22.04 Linux.

      • OSNoteHow to Install UrBackup on Ubuntu 22.04 - OSNote

        Keeping backup regularly on the live server is a very challenging task for a system administrator. It helps the user or an administrator to recover the data in case of system failure and even data loss. For that purpose, various free backup tools are available to maintain the backup of your system regularly. UrBackup is one of the most commonly used client/server backup tools that support various file formats images as well as system file backups. Users can install this tool on both Windows and Linux operating systems. The adaptable feature of the UrBackup tool is that it does not interrupt the current working of a system while the target system is running and creates a backup in a parallel way.

        We will learn in this guide how to install the UrBackup server on an Ubuntu 22.04 and Ubuntu 20.04 system.

      • ID RootHow To Install OpenSCAP on Ubuntu 22.04 LTS - idroot

        In this tutorial, we will show you how to install OpenSCAP on Ubuntu 22.04 LTS. For those of you who didn’t know, OpenSCAP is the best tool for performing security audits and provides a great way to check systems vulnerability. It also integrates with other specifications like CPE, CCE, and OVAL to produce a SCAP-expressed checklist that can be processed by SCAP-validated products.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the OpenSCAP security audits on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • HowTo ForgeHow to Install Monica Personal CRM on Debian 11

        Monica CRM is a free and open-source CRM (Customer Relationship Manager) written in PHP.

      • HowTo ForgeHow to Install Dozzle Real-Time Log Viewer for Docker Containers on Ubuntu 22.04

        Dozzle is a simple, lightweight, and real-time log viewer application. It allows you to monitor docker container logs via a web-based interface. In this post, we will show you how to install Dozzle log viewer on Ubuntu 22.04.

      • HowTo ForgeHow to Install UVdesk Helpdesk System on Ubuntu 22.04

        UVdesk is an open-source Saas-based helpdesk system for companies to interact with their customers and offer round-the-clock support. Its features include ticket management, knowledgebase support, canned replies, and automatic ticket generation based on emails.

      • HowTo ForgeHow to Install Shopware with Nginx and Free Let's Encrypt SSL on Ubuntu 22.04

        Shopware community edition is a free and open-source shopping cart platform used that allows you to start your own online shop on the web. It is written in Symfony and Vue.js and based on a modern technology stack. In this tutorial, we will show you how to install Shopware CE with Nginx and Let's Encrypt on Ubuntu 22.04.

      • VituxHow to password protect files using Vim editor in Ubuntu - VITUX

        Vim is one of the most powerful and popular open-source command-line text editors.

      • Linux Shell TipsHow to Find and Batch Rename Multiple Files in Linux

        This article guide demonstrates the use of several Linux commands to successfully query the existence of a file or several files before renaming them.

        Linux offers multiple terminal command solutions for renaming files regardless of the different paths or locations associated with the targeted files. Renaming a single file is easy but what happens when you have multiple files that should be instantaneously renamed?

        This article guide provides an answer to this question.

      • Its FOSSInstall Gedit on Ubuntu 22.10 and Make it Default Text Editor - It’s FOSS

        GNOME has a brand new text editor to replace the good old Gedit editor.

        While it was already available with GNOME 42, Ubuntu 22.04 relied on Gedit.

        This is changing in Ubuntu 22.10. GNOME Text Editor is the default here and Gedit is not even installed.

      • H2S MediaHow to set Alacritty as Default Terminal in Ubuntu 22.04 or 20.04

        Learn the steps to set Alacritty emulator as the default Terminal on Ubuntu 22.04 Jammy or 20.04 Focal fossa to run commands.

        Alacritty terminal is known for its fast speed. It’s written in Rust and uses OpenGL for rendering to be the fastest terminal emulator available. It is the simplest terminal emulator for Linux because the developers want to increase its performance of it. That means you won’t find things like tabs, splits, or GUI config editor. Therefore, this terminal is for those who are Linux using some old system or have limited resources or looking for a performance-centric Terminal.

        It is not for those who want some fancy Terminal with dozens of features such as Tabby and Terminator instead a simple, minimal one that can use the GPU to enhance the performance. Well, it is a relatively new Terminal as compared to other popular names such as Gnome terminal or XFCE terminal.

        Here in this tutorial article, where we know how to set Alacritty as the default terminal application on Ubuntu 22.04 or 20.04 Linux…

      • AddictiveTipsHow to use alternate browsers on your Chromebook

        The best thing Google ever did for Chrome OS is to allow users to install Linux apps via the Chrome OS Linux container system. Before the container system, installing alternative web browsers on a Chromebook was impossible.

        However, before installing Firefox, Opera, Edge, Brave, or any other web browser, Linux support on Chrome OS needs to be enabled. Follow the steps below to enable Linux on your Chromebook.

      • OSTechNixHow To Monitor User Activity In Linux - OSTechNix

        As a Linux administrator, you need to keep track of all users' activities. When something goes wrong in the server, you can analyze and investigate the users' activities, and try to find the root cause of the problem. There are many ways to monitor users in Linux. In this guide, we are going to talk about GNU accounting utilities that can be used to monitor the user activity in Linux.

      • Red HatHow to deploy JBoss EAP applications with OpenShift Pipelines

        In my previous article, How to migrate your Java applications to Red Hat OpenShift, you learned about the steps involved with building and deploying Red Hat JBoss Enterprise Application Platform applications to OpenShift.

      • How to Create a File in Linux

        In this tutorial, we’re going to show you how to create a file in Linux. The easiest way of doing this is through the CLI, but you can also do it via the GUI. We’ll include step-by-step instructions for both methods.

      • TechTargetHow to configure and customize Kali Linux

        Penetration tests help determine whether vulnerabilities and weaknesses are present in corporate systems. An array of pen testing tools are available, including the Kali Linux distribution, which provides everything an ethical hacker needs to effectively test a company's systems.

        In Mastering Kali Linux for Advanced Penetration Testing, author and security practitioner Vijay Kumar Velu provides in-depth instructions on how to test a network with Kali Linux. Readers will learn how to select the best tools from the distribution to compromise security, while remaining undetected by services or users.

    • Games

      • FEX 2210 Tagged!

        This month’s release was a bit delayed due to the fact that most of FEX-Emu’s developers were meeting up physically at the X.Org Developer’s Conference this year! Before we talk about this months changes we need to spend a bit of time talking about some cool things.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Timothée Ravier: Akademy 2022: What’s next for Flatpaks in KDE

          Thanks to Fedora sponsorship (both for my travel and the conference itself), I was able to attend Akademy last week in Barcelona. It was great to finally meet in person folks I’ve been working with for the last couple of years.

          I’ll report here on the discussion that happened in the Flatpak Birds of a Feather session. I’ve made another post focused on the talks I found interesting during the conference.

        • Timothée Ravier: Akademy 2022: Conference report

          Thanks to Fedora sponsorship (both for my travel and the conference itself), I was able to attend Akademy last week in Barcelona. It was great to finally meet in person folks I’ve been working with for the last couple of years.

          I’ll highlight here a few talks that I found interesting. I’ve made another post focused on the future for Flatpak support and integration in KDE.

          The full agenda for the two days of conference is at conf.kde.org. You can find the recordings for all talks as raw videos on KDE’s YouTube channel until they are cut into more easily linkable videos.

      • GNOME Desktop/GTK

        • GNOME 43: Endless's Part In Its Creation - Will Thompson



          GNOME 43 is out, and as always there is lots of good stuff in there. (Me circa 2014 would be delighted to see the continuous improvements in GNOME’s built-in RDP support.) During this cycle, the OS team at Endless OS Foundation spent a big chunk of our time on other initiatives, such as bringing Endless Key to more platforms and supporting the Endless Laptop programme. Even so, we made some notable contributions to this GNOME release. Here are a few of them!

          App grid pagination improvements

          The Endless OS desktop looks a bit different to GNOME, most notably in that the app grid lives on the wallpaper, not behind it. But once you’re at the app grid, it behaves the same in both desktops. Endless OS computers typically have hundreds of apps installed, so it’s normal to have 2, 3, or more pages of apps.

          We’ve learned from Endless OS users and partners that the row of dots at the bottom of the grid did not provide enough of a clue that there are more pages than the first. And when given a hint that more pages are available, indicated by those dots, users rarely discovered that they can switch with the scroll wheel or a swipe: they would instead click on those tiny dots. Tricky even for an accomplished mouse user!

          GNOME 40 introduced an effect where moving the mouse to the edges of the screen would cause successive pages of apps to “peek” in. As we’ve carried out user testing on our GNOME 41-based development branch (more on this another time) we found that this was not enough: if you don’t know the other pages are there, there’s no reason to deliberately move your mouse pointer to the empty space at the edges of the screen.

          So, we proposed for GNOME something similar to what we designed and shipped in Endless OS 4: always-visible pagination arrows. What we ended up implementing & shipping in GNOME 43 is a bit different to what we’d proposed, after several rounds of iteration with the GNOME design team, and I think it’s even better for it. Implementing this was also an opportunity to fix up many existing bugs in the grid, particularly when dragging and dropping between pages.

  • Distributions and Operating Systems

    • Fedora Family / IBM

      • EuroLinux 8.7 beta released - the first clone of RHEL 8.7 beta in the world.

        On the 12th of October, we released the EuroLinux 8.7 beta version. It is compatible with the latest version of Red Hat€® Enterprise Linux€® 8.7 beta. It allows you to test technical innovations and compatibility with the upcoming EuroLinux 8.7. Version 8.7 beta includes new versions of developer software (GCC 12, LLVM 14, Rust 1.62.1, NodeJS 18, Ruby 3.1). The changes also apply to system security – NSS no longer supports RSA keys shorter than 1023 bits.

        In this article, we will describe the technical advantages and new capabilities of the EuroLinux ecosystem. We will also present the release notes (release notes) along with the launch documentation. All new items in the release are marked as (New) in the header.

      • Fedora ProjectFedora Community Blog: Community Blog monthly summary: September 2022

        In September, we published 15 posts. The site had 6,850 visits from 4,450 unique viewers. 2,433 visits came from search engines, while 58 came from FOSS Weekly and 35 came from Fedora Discussion.

      • Fedora MagazineFedora Magazine: Contribute at the Fedora Linux Test Week for Kernel 6.0

        The kernel team is working on final integration for Linux kernel 6.0. This version was just recently released, and will arrive soon in Fedora. As a result, the Fedora kernel and QA teams have organized a test week now through Sunday, Oct 16, 2022. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.

      • Fedora ProjectFedora Community Blog: Das Keyboard & Fedora: GIVEAWAYS! [Ed: IBM adds... ads.. to Fedora project.]
      • Enterprisers ProjectCISO: A day in the life | The Enterprisers Project

        Being a CISO is not a job. It’s a calling that requires the mindset of a professional like a police officer or firefighter. And despite the statistics, it’s a career for the long haul.

      • IBM Old TimerEx-IBMer: The Recent Impact of AI on Jobs and Economies

        “Recent developments in Artificial Intelligence (AI) have stoked new fears about large-scale job loss, stemming from its ability to automate a rapidly expanding set of tasks (including non-routine cognitive tasks), and its potential to affect every sector of the economy,” said The impact of Artificial Intelligence on the labour market: What do we know so far?, a recently published report by the Organization for Economic Co-operation and Development (OECD). Founded in 1961 to stimulate economic progress and world trade, the OECD now has 38 member countries around the world.

      • Red Hat OfficialSysadmin fundamentals: Create soft links in Linux | Enable Sysadmin
      • Red HatAdvanced regex: Capture groups, lookaheads, and lookbehinds

        Capture groups, lookaheads, and lookbehinds provide a powerful way to filter and retrieve data according to advanced regular expression matching logic. This article explains capture groups, lookaheads, and lookbehinds, along with the fundamental syntax you need to know in order to write them.

      • @HPCpodcast: Intel Shipping Aurora Blades; Rocky Linux vs. CentOS; Tesla’s 'Dojo' AI Supercomputer - High-Performance Computing News Analysis | insideHPC

        Our overall sense is that Intel made a good impression at its well-crafted and executed Innovation Day, with a whole host of announcements, broken down here by Shahin. We also discuss open source software and the big part it plays in the HPC/AI puzzle, along with the ongoing Linux operating system wars – including the emergence of Rocky Linux after Red Hat’s December 2020 announcement it would no longer support CentOS.

      • Red Hat OfficialRed Hat Names Carolyn Nash as Senior Vice President and Chief Operating Officer

        Red Hat, Inc., the world's leading provider of open source solutions, today announced that Carolyn Nash has been named the company’s senior vice president and chief operating officer, effective immediately. As part of this move, Red Hat is building out the Finance and Operations organization and has named Robert Leibrock senior vice president and chief financial officer and Jim Palermo as vice president and chief information officer. Nash will continue reporting to Red Hat’s president and chief executive officer, Matt Hicks. Leibrock and Palermo will report directly to Nash.

        Nash most recently served as Red Hat’s senior vice president and chief financial officer and was responsible for leading the company’s global finance organization. Before assuming the CFO role in early 2022, Nash was vice president of Finance, overseeing the Global Finance Transformation and Operations (GTO) organization. She has played an integral part in strengthening and growing the company’s finance operation. Before Red Hat, she served in leadership positions at Cisco, Hewlett Packard and KPMG in finance and operational roles.

      • Red Hat OfficialRed Hat and FIWARE Foundation Collaborate to Power Eco-smart Cities with Open Source Technology

        Red Hat, Inc., the world's leading provider of open source solutions, today announced collaboration with FIWARE Foundation, a non-profit association that encourages the adoption of open standards for the development of smart solutions, to build an integrated, smart city platform that can enable cities across the world to be more resilient and improve citizens' wellbeing with data. During a six week residency, Red Hat Open Innovation Labs worked jointly with FIWARE Foundation and Human Oriented Products (HOPU), a solution provider member of the FIWARE community, to create an easy-to-deploy, fully scalable, and robust open source enhanced smart city solution powered by FIWARE, running on Red Hat OpenShift.

      • Silicon AngleWhat to expect during AnsibleFest: Join theCUBE Oct. 18-19 [Ed: Conflict of interest in coverage]

        An important tactic for organizations competing in today’s data-driven economy is automating inefficient processes to streamline cloud operations.

        In one use case, global energy company Compañía Española de Petróleos S.A.U., known as Cepsa, reported 6,000 saved work hours, 35% more productivity, and 10-15% faster response times after automating processes using the Red Hat Ansible Automation Platform. The company also increased security levels thanks to fine-grained data access controls.

        [...]

        (* Disclosure: TheCUBE is a paid media partner for the AnsibleFest. Neither Red Hat Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

    • Debian Family

      • Utkarsh Gupta: FOSS Activites in August 2022

        Here’s my (thirty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

        [...]

        This was my 19th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

    • Canonical/Ubuntu Family

      • The Register UKCanonical displays controversial 'ad' in shell update prog ● The Register

        Some Ubuntu users are not happy at receiving a promotional message at the command line when upgrading their systems.

        As we described last week, Canonical's "Ubuntu Pro" support offering for its Linux distro is now free of charge for up to five machines. If you update your machine from the command line with the apt command, you get an unsolicited ad for the scheme – and some users are not happy about it.

        There are complaints on Reddit, Mastodon, and on the company's own StackExchange site AskUbuntu.

        This is far from the first time Ubuntu has faced such discontent. Last time, it was a promotional message on servers' login screens that caused complaints. This was merely some text added to the /etc/motd file (that is, Message Of The Day), but one cause of upset is that it fetched the information from online – in theory, that might fail or cause unanticipated network access.

        A decade before that, it was Amazon listings in search results and fishing for donations on its download page.

        The new message appears if you use Ubuntu's simplified apt front-end to the underlying Debian Advanced Packaging Tool, although as we mentioned while looking at some Debian derivatives, Debian itself has now adopted the apt command. If you prefer, the older apt-get, and apt-cache commands are still there in both Ubuntu and Debian, and they won't show the message. They're a better choice if you're scripting the operations, too.

      • OMG UbuntuUbuntu’s New Terminal 'Ad' is Angering Users - OMG! Ubuntu!

        In September I tweeted a screenshot of something unexpected that has started to show up in the terminal when I ran system updates.

        It didn’t enrage me at the time (and it kinda still doesn’t) but I did find it a little …Off.

        Now, if you’re suitably tuned-in to the Linux newswire and/or an avid attendee of social media you’ll probably heard about the drama in question.

        If you haven’t, then allow me to…

      • Ubuntu Community Council election 2022 underway!
      • Ubuntu Fridge | Ubuntu Community Council election 2022 underway!

        Voting has begun for the Ubuntu Community Council election. We will be voting in all seven seats for a two year term. All Ubuntu Members are eligible to vote and should receive their ballot by email.

      • UbuntuAn inside look at autonomous vehicle hardware: Advantech’s ITA-460

        You’ve probably heard about the Internet of Things but what about the Artificial Intelligence of Things? Yes, connected things are also getting smarter and smarter. AIoT is a new field that combines AI and IoT in fascinating new use cases, some of them in automotive.

        In response to the booming AIoT market, Canonical partnered with Advantech, a global leader in industrial IoT, to provide an AI in-vehicle platform with visual recognition. This platform is powered by the ITA-460, a modular, water-resistant fanless in-vehicle computer that is certified on Ubuntu 20.04 LTS and powered by an Intel€® 8th/9th Gen Coreâ„¢ i CPU. This platform allows the installation of several additional extensions that significantly increase its functionality. One of these extensions is the MXM GPU for AI acceleration, which perfectly matches application requirements. In this blog post, we will give you a glimpse of this solution’s capabilities and how it’s used in autonomous vehicles.

      • FOSSLinuxUbuntu LTS Releases: Everything you need to know | FOSS Linux

        Ubuntu is one of the most popular Linux distributions used today. It is available in two ways – the Ubuntu Desktop version, that regular users can install on their PCs to perform their daily tasks, and the Ubuntu Server version, which allows you to set up a server.

        Whenever a new Ubuntu release occurs, you will hear terms like “regular/ interim release” and “LTS release.” But what do these terms mean? If you are now well-versed with the Ubuntu releases, continue reading this post. It will give a comprehensive guide on Ubuntu releases and the differences between interim and LTS releases.

      • The Register UKZinc: An Ubuntu remix that dares to be different ● The Register

        While many Ubuntu remixes just switch the desktop or replace a few default apps, Zinc changes some of the fundamentals. The result is impressive.

        Teejeetech is a small computer consultancy in Kerala, India, run by programmer Tony George. Zinc isn't the company's first distro, nor is this the company's first mention on The Register. We previously mentioned their earlier Unity-based remix, U-Mix, as well as originally developing the Timeshift backup tool included in Linux Mint. We thought we'd come back for a proper look at Zinc, the company's second-generation distro.

        Unlike U-Mix, Zinc is a free download. It's based on the current long-term support version of Xubuntu, 22.04.1, so it uses a customized Xfce desktop, plus quite a few additional apps and changed components. Perhaps its biggest change from mainstream Ubuntu is in packaging tools: it includes neither Canonical's own Snap format nor the GNOME/Red Hat alternative Flatpak.

        This mean that Zinc includes a natively packaged version of Firefox, but that's true of several distros now. What is different is that Zinc offers several alternative packaging tools instead so that you probably won't find any need to install either Snap or Flatpak support.

    • Devices/Embedded

      • LiliputingJuno Tablet is a Linux tablet with an Intel Jasper Lake processor for $429 and up - Liliputing

        Juno Computers has been selling Linux laptop and desktop computers for a few years. Now the company is branching out into tablets.

        The first Juno Tablet is now available for pre-order for $429 and up, and it can be configured with one of several different touchscreen-friendly mobile Linux distributions. . Just bear in mind that Juno is selling the tablet as a beta product: some of the hardware is not yet supported by the software.

      • 9to5LinuxJuno Computers Unveils a Linux Tablet Powered by Mobian Linux and KDE Plasma Mobile

        Meet Juno Tablet, one of the few Linux-powered tablets that you can actually buy and own these days. The tablet features a gorgeous 10.1-inch Full HD (1920×1080) IPS 60Hz touchscreen with support for anti-mistouch stylus pens promising a real writing experience thanks to the 1024 level of pressure sensitivity.

        Juno Tablet can actually be bought with a stylus pen, which costs an extra $22 USD. According to Juno Computers, the pen body is light and comfortable to hold and comes with eraser shortcut keys that allow you to write easily, draw freely, and give full play to creative inspiration.

    • Open Hardware/Modding

      • ArduinoThe interactive map highlights regional air pollution | Arduino Blog

        Writer Jason Pargin coined the term “Monkeysphere” to convey Dunbar’s number, which is the maximum number of stable relationships that a person can maintain. It is difficult for people to feel true empathy for anyone outside of their Monkeysphere, which is around 150 people. The result is that we often fail to give the proper attention to injustices that happen outside of our personal Monkeyspheres. To combat that tendency, Ahmed Oyenuga created the Interactive Air Quality Map.

        If you live in the United States, the United Kingdom, or almost any other Western country, your air quality is probably pretty good. You might know on an intellectual level that many foreign countries and cities have serious issues with air pollution that cause real health problems. But those areas are far enough outside of your Monkeysphere that you have trouble caring about them. That isn’t a problem with you; it is simple human nature. Oyenuga’s air quality map provides striking visuals to hammer home the point, so that you get a tangible feel for the air quality in far away locales. It is one thing to read a statistic or look at a graph, but quite another to see the conditions in real-time with your own eyes.

      • ArduinoThis handy machine automatically cuts plastic gears | Arduino Blog

        Many, many mechanisms require gears, but the good news is that plastic gears are very cheap. The bad news is that you have to buy a lot of them at once and that means you need to know ahead of time what gears you need. Being able to make gears on-demand would be very convenient, but most 3D printers lack the tolerance to do it well and CNC setups get expensive. But by following Mr Innovative’s recent video, you can build your own affordable machine that automatically cuts gears.

        This might be able to handle very soft metals, but it is really meant for cutting nylon and other plastics. Users can set the diameter and the number of teeth, which together dictate the pitch. However, they can not change the tooth cut profile without swapping out the blade. They set the parameters on a Nextion LCD touchscreen and then the machine takes care of the rest. It rotates the gear by the calculated pitch, then moves the gear into the circular cutting blade according to the set diameter.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Events

      • Document FoundationKeynote speeches from the LibreOffice Conference 2022

        We’re uploading more sessions from the recent LibreOffice Conference 2022! First we had the opening session, and now the keynotes from our two main sponsors:

      • Timothée Ravier: Recap from the Pass the SALT 2022 conference



        I’ve had the opportunity to talk at the Pass the SALT conference in July 2022. I would like to thank both the organizers for accepting my talk and the Fedora Project for sponsoring me to attend the event.

        My talk was about how we build operating systems optimized for containers, from IoT to desktops and servers (see the video and slides). In this talk, I go over what we are doing to build secure by default operating systems, for all form factors, using container technologies and security primitives from the Linux kernel.

        This conference was also the first one for me since March 2020 and it was nice to reconnect with old friends and meet new acquaintances.

        Here is a list of some the talks that I found the most interesting, in chronological order.

    • SaaS/Back End/Databases

      • PostgreSQLPostgreSQL: PostgreSQL 15 Released!

        The PostgreSQL Global Development Group today announced the release of PostgreSQL 15, the latest version of the world’s most advanced open source database.

        PostgreSQL 15 builds on the performance improvements of recent releases with noticeable gains for managing workloads in both local and distributed deployments, including improved sorting. This release improves the developer experience with the addition of the popular MERGE command, and adds more capabilities for observing the state of the database.

        "The PostgreSQL developer community continues to build features that simplify running high performance data workloads while improving the developer experience," said Jonathan Katz, a PostgreSQL Core Team member. "PostgreSQL 15 highlights how, through open software development, we can deliver to our users a database that is great for application development and safe for their critical data."

        PostgreSQL, an innovative data management system known for its reliability and robustness, benefits from over 25 years of open source development from a global developer community and has become the preferred open source relational database for organizations of all sizes.

      • LWNPostgreSQL 15 released [LWN.net]

        Version 15 of the PostgreSQL database management system is out.

      • PostgreSQLRelease 15

        PostgreSQL 15 contains many new features and enhancements...

      • PostgreSQLNew Members of the Community Code of Conduct Committee
      • LinuxiacPostgreSQL 15 Is Here Loaded with New Features and Enhancements

        PostgreSQL 15’s new SQL MERGE command makes migrating from Oracle and SQL Server easier.

        PostgreSQL, also known as “Postgres,” is an open-source object-relational database management system (ORDBMS). It aims to provide a very robust and feature-complete SQL-compatible storage from the beginning.

        As a result, PostgreSQL advertises itself as “the most advanced open-source relational database in the world.” And the recently released PostgreSQL 15 version confirms this. So, let’s see what it brings us.

    • Productivity Software/LibreOffice/Calligra

    • Openness/Sharing/Collaboration

    • Programming/Development

      • Perl / Raku

        • DEV CommunityIt's time to rak! (Part 1) - DEV Community

          A few months ago, I had a bit of a scare with a notebook showing signs of going nuclear (as in batteries growing up to about 3x their original size, dislodging the bottom plate). In the end, all turned out well, thanks to iFixit, patience and a steady hand.

          Not wanting to install Perl's ack utility on a clean temporary machine, made me write an alpha version of a Raku module App::Rak, providing a similar utility: the rak CLI. Which I presented at the second Raku Conference: Looking for clues with rak.

          Since then, the utility has seen two refactors: the first one was taking out the "plumbing" functionality into a separate module. The second one was rewriting the argument handling (now up to 135 options) to make it easier to produce better error messages, and to make it more maintainable. And now it's at what I would like to think as "beta version" level.

        • DEV CommunityElizabeth Mattijsen: Don't fear the grepper! (1)

          This blog post provides an introduction to the Raku Programmming Language and its grep functionality. It does not require any specific knowledge about the Raku Programming Language, although being familiar with basic grep functionality (of the unix utility), is recommended.

          The grep functionality comes in two flavours in Raku: a procedural (sub) version, and an object oriented (method) version. Since everything in Raku is an object (or can be thought of as one), and I personally mostly prefer the object oriented way, I will be discussing only the method way of using grep and friends.

      • Python

        • QtQt for Python Release: 6.4 is finally here!

          It is early fall in the northern hemisphere, and with that not only do the leaves drop, but also a new Qt for Python release!

          Perhaps you were wondering why the release was not on the same day as Qt?: It was a mixture of CI not liking our configurations, conferences happening during the release, and COVID affecting 50% of the team. Now, everything is working well, and most of us have recovered.

  • Leftovers

    • Hardware

      • The Next PlatformTSMC: The Leading Indicator For An Entire Industry

        Taiwan Semiconductor Manufacturing Co is the world’s largest and most advanced producer of semiconductors, and is therefore a “bellwether” for the semiconductor industry and, in turn therefore, a leading indicator of the entire IT sector that depends so heavily on semiconductors as its key driver.

        A bellwether is supposed to be the lead sheep in a flock, and is called that because it has a bell around its neck so it can be identified by the shepherd and also by the sheep following it. It is not the bell that makes the sheep special, but rather the special sheep that correctly leads the pack that warrants the bell, which creates a virtuous cycle that helps manage the flock.

        [...]

        “We expect probably in 2023, the semiconductor industry will be likely to decline,” Wei explained.

    • Linux Foundation

    • Security

      • MS Enterprise app management service RCE. CVE-2022-35841

        A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday.

        The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications deployed via MDM.

        An unprivileged user can exploit the vulnerability both locally and, in some cases, remotely and gain SYSTEM level access on vulnerable hosts.

      • LWNSecurity updates for Thursday [LWN.net]

        Security updates have been issued by Debian (libreoffice, rexical, ruby-nokogiri, and squid), Fedora (wavpack), Red Hat (expat), SUSE (gdcm, orthanc, orthanc-gdcm, orthanc-webviewer and rubygem-puma), and Ubuntu (GMP and unzip).

      • TechTargetWhy Kali Linux is the go-to distribution for penetration testing

        The Kali Linux distribution enables penetration testers to explore how potential attackers may enter a system. The suite features hundreds of tools to effectively test all aspects of an IT system, from applications to networks.

        Author and pen tester Vijay Kumar Velu wrote Mastering Kali Linux for Advanced Penetration Testing to provide readers with a holistic understanding of ethical hacking, from start to finish, using tools such as Wireshark, Burp Suite and Nmap.

        In an interview with SearchSecurity, Velu discussed what readers at all experience levels can learn from his book, why Kali Linux is such a solid distribution and more.

      • Bleeping ComputerNew Alchimist attack framework targets Windows, macOS, Linux [Ed: Classic FUD. Microsoft propaganda site blames "GoLang" and warns about "Linux" because someone wrote some malware and GoLang and tries to trick people into installing it. Microsoft is trying to shamelessly twist cross-platform compatibility as an undesirable thing and security nightmare.]

        The framework and all its files are 64-bit executables written in GoLang, a programming language that makes cross-compatibility between different operating systems a lot easier.

      • TechRepublicNew Alchimist attack framework hits Windows, Linux and Mac [Ed: Same nonsense as above]
      • IT WireiTWire - Signal to remove support for SMS messages in Android app

        End-to-end encrypted messaging platform Signal will phase out support for plaintext SMS and MMS messages in its Android app over the next few months.

        However current users will have to wait for an update to the Android app before they are able to export their existing plaintext messages to another messaging app on their phones. The current version of the Android app is 5.51.7 (on Android 11) and it lacks any means of exporting messages.

        In a blog post on Wednesday, Signal Messenger, the company behind Signal said while it had offered support for plaintext messages all these years, it no longer made any sense to do so.

      • USCERTCISA Releases Twenty-Five Industrial Control Systems Advisories

        CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

      • Privacy/Surveillance

        • Bruce SchneierDigital License Plates

          More important are the security risks. Do we think for a minute that your digital license plate is secure from denial-of-service attacks, or number swapping attacks, or whatever new attacks will be dreamt up? Seems like a piece of stamped metal is the most secure option.

        • The Register UKCalifornia legalizes digital license plates for all vehicles ● The Register

          Which is great news for the single company that makes them

          California has ended a pilot program and fully legalized digital license plates for private and commercial vehicles, which is great news for the one company that makes them.

          A bill, signed into law by Governor Gavin Newsom, permits the California Department of Motor Vehicles "to establish a program authorizing an entity to issue alternatives to stickers, tabs, license plates, and registration cards" for vehicles in the state.

        • VideoApp Privacy Case Study: The Right Stuff

          Today we will talk about the dangers of phone apps and services with a case study looking at the new "The Right Stuff" conservative dating app. This is a huge warning, and we need to be cautious ourselves.

        • EU ObserverEU under scrutiny for bankrolling surveillance in Africa

          A verdict is imminent on the EU Commission, for projects it financed to help dubious governments in Africa spy on their own people.

          The money comes from the EU Trust Fund for Africa, part of which is being used to develop mass-scale biometric identity systems across the African continent.

          "We're expecting to have an outcome soon," said Ioannis Kouvakas, a senior legal officer at the London-based Privacy International, an NGO, earlier this week.

          Niger, for instance, received over €11m for surveillance drones and a wiretapping centre, among other equipment.

          The underlying premise is to help national authorities crack down on migration and possible terror threats, either through helping them create tools such as data-retention laws or by bankrolling surveillance projects.

    • Finance

      • FortuneBombshell report reveals TikTok is getting rich off livestreaming refugee families begging for help

        Is TikTok exploiting starving families in Syria begging on livestreams for donations to survive?

        That’s the charge leveled by the BBC, which investigated how the popular social media platform owned by China’s ByteDance extracts an overly generous cut of the charitable money meant to go to the poor and the destitute.

        According to the report, children in refugee camps engage in lengthy streams during which they can earn up to $1,000 an hour in a kind of modern-day version of Charles Dickens’ Oliver Twist.

      • DaemonFC (Ryan Farmer)US layoffs accelerating under Bailout Biden's re-defined recession. | BaronHK’s Rants

        Yesterday, over 1,000 US tech layoffs were announced in one day, and that’s just from looking at Layoffs Tracker.

        Some numbers don’t even get published because they try to keep it in an Internal Memo and threaten people’s severance pay if they discuss details with the media.

        And companies that lay off generally also do a hiring freeze and don’t replace people who quit. (Stealth Layoff)

        Today, there’s several big examples.

        For starters, Intel, which just got many billions of dollars in bailout money over the CHIPS Act, which Bailout Biden signed, announced that its sales are a disaster and it will be cutting thousands of jobs as the (Windows) PC market collapses.

        Techrights has been covering the demise of Windows “Vista” 11. Microsoft has a self-inflicted gunshot wound. They figured that they could artificially juice new PC sales by disallowing most upgrade installs for PCs that are older than 2018(!) through ridiculous requirements like TPM 2.0

        [...]

        Windows was already losing 2% of its desktop marketshare every year for the past several years, according to PornHub Insights and was down to just 64.7% last year (all versions). A trend which will no doubt accelerate.

        [...]

        But articles like “The “quiet quitters’ will be the first to get sacked!” are popping up now too. Victim-blaming. Blame-shifting. Disgusting. Gaslighting. Bullshit. They’re starting to admit you’ll lose your job, but it’s going to be entirely “your fault” you know. They’ll have you know.

    • AstroTurf/Lobbying/Politics

      • Misinformation/Disinformation/Propaganda

        • IT WireThe Age: Independent Always? Nope, a little biased now and then

          With the elections in Victoria just 44 days away, the media in the state are keen to step up to the plate and maximise their earnings. Ads roll in at election time, given that the parties in the fray have plenty of money to throw around.

          The Age, the smaller of the two main papers in the state — the other is Rupert Murdoch's Herald Sun — has always been at pains to project itself as unbiased in its coverage, a claim it made prior to the federal election in May as well. Perhaps it hopes to attract advertising from both major sides of politics.

          At the time of the federal election in May, the editor of The Age, Gay Alcorn, wrote in one of her letters to subscribers [which for some curious reason was placed behind a paywall] that the paper had not moved to the right.

    • Civil Rights/Policing

      • AccessNowDigital dictatorship: authoritarian tactics and resistance in EECA

        The use of technology to repress democratic dissent is nothing new. Countries such as China and Russia are widely documented repeat offenders when it comes to deploying authoritarian tactics in digital spaces. Our latest report, Digital dictatorship: authoritarian tactics and resistance in Eastern Europe and Central Asia, explains how a digital dictatorship can emerge and how pro-democracy activists are fighting back.

      • AccessNowResisting the rise of digital dictatorship in Eastern Europe and Central Asia - Access Now

        From internet shutdowns in Azerbaijan and Armenia, to Putin’s intensifying online censorship, digital dictatorship is tightening its grip across Eastern Europe and Central Asia.

        Launching today, Digital dictatorship: authoritarian tactics and resistance in Eastern Europe and Central Asia unpacks the intersecting tools and techniques of oppression that furnish digital dictators’ toolboxes all across the region, and explores techniques for resistance. Read the full report and regional snapshot.

        “The digital dictator’s arsenal is stocked with tactics that systematically chip away at freedom of expression, access to information, and privacy online,” said Anastasiya Zhyrmont, Regional Outreach Coordinator – Eastern Europe & Central Asia at Access Now. “The methodical expansion of this online authoritarianism is being met with resistance, and people across Eastern Europe and Central Asia are fending off oppression, and planting the seeds of democracy — we hope Digital dictatorship: authoritarian tactics and resistance in Eastern Europe and Central Asia supports them in this journey.”

      • The Washington PostWith U.S. nudges, Google and others aim to help Iranian protesters
    • Monopolies

      • Copyrights

        • Walled CultureHow music platform Corite is turning true fans into digital street teams - Walled Culture

          The last chapter of Walled Culture – the book looks at how the many problems of copyright might be mitigated. It concludes with Kevin Kelly’s idea of “1000 true fans“, which has been discussed on this blog previously. One of the most interesting aspects of the true fans idea is that it doesn’t depend on copyright, and would work perfectly well without it.

          Kelly first articulated his vision back in 2008. The world has obviously moved on since then, especially online. His rather general idea of artists being supported directly by their fans has now blossomed into a multitude of different approaches that have already been put into practice.

  • Gemini* and Gopher

    • Personal

      • a beam in my eye



        One is the need to cancel out the discomfort caused by non-fault suffering.

      • Nothing is Complicated

        For the last ten years, I've tried to expunge the words 'simple' and 'complex' from my vocabulary and thinking.

        [...]

        Different cultures use different words. I can't say how much it affects their thinking - people have levied many criticisms of the Sapir-Whorf hypothesis. Still, I suspect bad words inflict bad thinking.

        I just called words 'bad', but the Mbuti would never do that. They don't have the words 'good' or 'bad', so their language forces them to specify what problem they want to state. Words can give you the wrong impression, and food can poison you, and the Mbuti never have to call the food 'bad'.

      • SpellBinding: ACDEFIP Wordo: DUNGS
    • Politics

      • Grounding Politics in Reality

        The political compass is laughably limited. It is primarily focused on matching a progressive/conservative spectrum with an authoritarian/libertarian spectrum. It assumes ideologies are variants of left/right and auth/lib spectrums, rather than complete philosophies unto themselves.

        For example, socialism is not simply a more extreme form of social democracy. It is a fundamentally different way of looking at politics. It has always been this way. I don't think describing Marxism as "further left" than Bernie Sanders is enlightening. Marxists see Sanders as part of the bourgeois political system and as an enemy of the revolution. Social democracy works to appease the proletariat rather than empower it.

        Likewise, fascism is not merely an authoritarian brand of conservatism. It is a revolutionary ideology that often rallies conservatives along, but overall their ideologies do not match up. They have different epistemological systems that play on each other rather than interact intimately.

    • Technical

      • Bombing interviews

        I recently (as in today) had an interview for a job I was really hyping myself up for. The first stage went pretty well which helped boost my confidence a bit. For context, I got my first dev job in 2021 which I feel I kinda lucked out with as I didn't really get technical questions in the traditional sense and the guy interviewing me hadn't written a single line of code in his life.

        Online interviews are also new for me. I have pretty extreme social anxiety and for some reason not being in the same room as the person I'm talking to really fucks with my nerves. I think I was trying to compensate for how anxious I was by talking as much as possible even though I had been planning for it pretty thoroughly the last few days. Every question I got sucked because my mind would just blank and I didn't want to just sit there without saying anything so I'd just ramble until anything came up. I think it would have helped if I told the interviewers about my anxiety and to ask me for clarification if what I say is a bit messy. Even when I'm not under pressure the way I talk is disjointed and I don't structure my thoughts very well which ends up with me throwing everything to the wall and seeing what sticks.

      • Commander X16

        It's a retro-styled computer made using modern components. I love retro computers and I've been eagerly following this project. I keep thinking about driving in and programming on the emulator, but I have other stuff to do right now.

      • Browsers: Clutter to declutter

        Instead of using one browser to rule them all, my life is now scattered across half a dozen browsers: Firefox, LibreWolf, Min, Amfora, Bombadillo and offpunk. I mean it's fine, nobody is getting hurt, but also what the actual fuck lol. That's not even counting the ones on my other devices.

        I'm comforting myself with the idea that this is like the time I konmaried my home and there was shit everywhere for weeks. The house looked like a hoarder palace, but I swear I wasn't a hoarder. I just somehow had a lot of kipple and a chaotic organisation system that got upended when it came time to take stock and thank things for their service.

      • Internet/Gemini

      • Programming

        • The OctoForth Token Machine

          OctoForth is a Forth-inspired threaded interpreter with a unique feature: 8-bit tokens that are magically not limited to a fixed set of 256 meanings.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
 
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024
Gemini Links 20/11/2024: Game Recommendations, Schizo Language
Links for the day
Growing Older and Signs of the Site's Maturity
The EPO material remains our top priority
Did Microsoft 'Buy' Red Hat Without Paying for It? Does It Tell Canonical What to Do Now?
This is what Linus Torvalds once dubbed a "dick-sucking" competition or contest (alluding to Red Hat's promotion of UEFI 'secure boot')
Links 20/11/2024: Politics, Toolkits, and Gemini Journals
Links for the day
Links 20/11/2024: 'The Open Source Definition' and Further Escalations in Ukraine/Russia Battles
Links for the day
[Meme] Many Old Gemini Capsules Go Offline, But So Do Entire Web Sites
Problems cannot be addressed and resolved if merely talking about these problems isn't allowed
Links 20/11/2024: Standing Desks, Broken Cables, and Journalists Attacked Some More
Links for the day
Links 20/11/2024: Debt Issues and Fentanylware (TikTok) Ban
Links for the day
Jérémy Bobbio (Lunar), Magna Carta and Debian Freedoms: RIP
Reprinted with permission from Daniel Pocock
Jérémy Bobbio (Lunar) & Debian: from Frans Pop to Euthanasia
Reprinted with permission from Daniel Pocock
This Article About "AI-Powered" is Itself LLM-Generated Junk
Trying to meet quotas by making fake 'articles' that are - in effect - based on plagiarism?
Recognizing invalid legal judgments: rogue Debianists sought to deceive one of Europe's most neglected regions, Midlands-North-West
Reprinted with permission from Daniel Pocock
Google-funded group distributed invalid Swiss judgment to deceive Midlands-North-West
Reprinted with permission from Daniel Pocock
Gemini Links 20/11/2024: BeagleBone Black and Suicide Rates in Switzerland
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 19, 2024
IRC logs for Tuesday, November 19, 2024