Bonum Certa Men Certa

Links 27/10/2022: Zorin OS 16.2 and GNUnet 0.18.0



  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • LWNThe search for the correct amount of split-lock misery [LWN.net]

        Unlike many other architectures, x86 systems support atomic operations that affect more than one cache line. This support comes at a cost, though, in terms of overall system performance and, even, security. Over the last few years, kernel developers have worked to discourage the use of this sort of "split-lock" operation. Now, though, one group of users is feeling a little too discouraged, leading to a discussion of how much misery can appropriately be inflicted upon users who use problematic but architecturally legal operations.

        The problem with atomic operations that cross cache-line boundaries is that the system bus must take special measures to ensure that both cache lines are simultaneously protected from concurrent access. In practice, that means locking the bus for the duration of the operation, which can stall every other processor in the system. A malicious program executing a tight loop with a split-lock operation can destroy the performance of the system as a whole. For this reason, split-lock operations have long been frowned upon.

        Unfortunately, software that is malicious (or just poorly written) turns out to be remarkably indifferent to even the most severe of frowns. So, starting in 2019, kernel developers sought more persuasive ways to get their point across. The initial work was done by Fenghua Yu but, in the end, this patch by Peter Zijlstra was merged in January 2020 for the 5.7 kernel release.

      • LWNThe rest of the 6.1 merge window

        Linus Torvalds released 6.1-rc1 and closed the 6.1 merge window on October 16; at that point, 11,537 non-merge changesets had been pulled into the mainline repository. That is considerably less than the 13,543 changesets pulled during the 6.0 merge window, but quantity is not everything: there were quite a few significant changes brought in this time around. Many of those were part of the nearly 5,800 changesets pulled since our first 6.1 merge window summary; read on for a look at some of the work done in the latter part of this merge window.

      • LWNIdentity management for WireGuard

        Since its inclusion in the Linux kernel, the WireGuard VPN tunnel has become increasingly popular. In general, WireGuard is simpler to configure than other VPNs, but the approach that it takes to authentication can present some challenges. Each node in a WireGuard network has a cryptographic key that serves as the node's identity; nodes that do not know each other's keys cannot directly communicate. Keeping track of these keys and distributing them to the other nodes in a mesh network quickly becomes a chore as the network grows. Fortunately, there are now several open-source tools that can automate the management of these keys and make using WireGuard easier for both administrators and end users.

        Key management can be particularly challenging for non-technical end users, who are used to logging into services with a username and password. Thus, the main feature that all of these tools have in common is that they allow a user to log into a WireGuard network using a username and password (and possibly a second factor, such as a one-time password). This is usually accomplished by integrating with an identity provider that implements the OpenID Connect (OIDC) standard. OIDC is built on top of the OAuth 2.0 protocol and can be used to implement the ubiquitous "Sign in with Some Big Company" functionality seen on many web sites.

        Some of the software discussed in this article requires an OIDC provider; there are several open-source options for people who aren't already running their own and don't want to farm the task out to some big company. Keycloak is one of the most mature and popular choices and Authelia is an up-and-coming alternative.

      • LWNA first look at Rust in the 6.1 kernel [LWN.net]

        October 13, 2022 There have been a lot of significant changes merged into the mainline for the 6.1 release, but one of the changes that has received the most attention will also have the least short-term effect for users of the kernel: the introduction of support for the Rust programming language. No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels. Perhaps the most likely conclusion for most developers, though, will be that there isn't yet enough Rust in the kernel to do much of anything interesting.

        Work on Rust for the Linux kernel has been going on for a few years, and it has resulted in the creation of a lot of support code and some interesting drivers to look at. There are other initiatives underway, including the writing of an Apple graphics driver in the Rust language. For the initial merge into the mainline kernel, though, Linus Torvalds made it clear that as little functionality as possible should be included. So those drivers and their support code were trimmed out and must wait for a future kernel release. What is there is the support needed to build a module that can be loaded into the kernel, along with a small sample module.

    • Applications

      • MedevelSFTPGo: Open Source SFTP Server with WebDAV Support

        SFTPGo is a feature-rich open source SFTP server that offers HTTP/S, FTP, FTPS, and WebDAV support.

        It also supports several storage backends as local filesystem, encrypted local filesystem, S3 (compatible) Object Storage, Google Cloud Storage, Azure Blob Storage, SFTP.

        The project is written in the Go programming language. It is an ideal solution for enterprise companies and creative team which require something fast and efficient.

      • Medevel15 Open Source WebDAV Servers

        WebDAV is an extension protocol to HTTP that allows users to create, move and edit remote documents on the server.

        WebDAV is widely used for file sharing, file collaboration between teams and groups. It is widely used in many enterprise apps as groupware, and ERP solutions.

    • Instructionals/Technical

      • Barry KaulerProblem with mount utility when non-root

        Posting about this, in case anyone else is puzzled by the behaviour of the 'mount' utility.

        I am working on running EasyOS as user "zeus", where zeus has administrator rights. That means you don't have to prepend "sudo" to do stuff, such as mount a partition.

        No problem with 'mount' in busybox, mounting and unmounting work when running as user zeus. Busybox in Easy is currently version 1.32.0. The 'util-linux' package is version 2.35.1, and it has the "full" 'mount' utility, currently named /bin/mount-FULL

        I do intend to get rid of that weird name, just have the one /bin/mount. Busybox mount does almost everything the "full" mount does, except "mount -t ext4 -o offset=<number> imagefile mntpt" does not work -- that "offset" parameter isn't recognized. However, I looked at the source for version 1.35.0 and it looks like that parameter is now supported.

      • Barry KaulerBusybox 1.34.1 compiled in OE
      • DebugPointCustomize GNOME 42 with A Polished Look

        A tutorial on how you can give your favourite GNOME desktop a polished look, in 5 minutes.

        There are many ways you can customize your favourite GNOME desktop with icons, themes, cursors and wallpapers. This article shows you how to give the GNOME 42 desktop a more polished look. The GNOME 42 desktop environment is available with the recently released Ubuntu 22.04 LTS and Fedora 36.

        Before you read further, here’s how it looks with a side by side comparison (before and after).

      • CitizixHow to run Kafdrop the Kafka Web UI in Docker and Docker compose

        Kafdrop is a web UI for viewing Kafka topics and browsing consumer groups. The tool displays information such as brokers, topics, partitions, consumers, and lets you view messages. Apache Kafka is an open-source platform. Kafka was originally developed by Linkedin and was later incubated as the Apache Project.

      • CitizixHow to run Apache Kafka in Docker and Docker Compose

        Apache Kafka is a distributed event store and stream-processing platform. It is an open-source system developed by the Apache Software Foundation written in Java and Scala.

      • Make Use OfHow to Install and Use Proton GE on SteamOS and Linux

        Proton GE is a bleeding-edge version of Steam's Proton. It adds many patches and fixes ahead of main Proton releases. Proton GE even has a counterpart for non-Steam games called Wine GE. Many Linux gamers consider Proton GE and Wine GE to be essential software for Linux gaming.

        Proton GE and Wine GE are also easy to install. You can either install them manually or through an app. Linux gamers can use this guide to get Proton GE and Wine GE in a breeze. This tutorial will work for Steam Deck users, as well as any desktop running a Linux distribution.

      • Make Use OfHow to Download YouTube Videos on Linux Using yt-dlp

        yt-dlp is a command-line tool that lets you download YouTube videos and playlists to save them offline for later. Here's how to use it on Linux.

      • TechRepublicHow to install the new GNOME Console terminal emulator on Ubuntu-based distributions | TechRepublic

        If you’ve been following along with the latest GNOME desktop news, you’re probably aware that there’s a new terminal emulator around. Say goodbye to GNOME Terminal and say hello to GNOME Console.

        This new app is a part of the new GNOME direction which aims to clean up and simplify the user interfaces such that any would feel instantly familiar with the UI. I’m here to tell you that the developers have done a remarkable job with the new console tool.

        To be fair to GNOME Terminal, I will say that GNOME Console does feel like a stripped-down version. It doesn’t offer nearly the customizations of Terminal, so for some it might seem a bit barebones, but it is clean looking and makes using the command line much simpler.

      • H2S MediaHow to Install Docker Desktop GUI on Ubuntu 22.04 LTS Linux

        Tutorial to install Docker Desktop GUI on Ubuntu 22.04 Linux LTS Jammy JellyFish and manage containers using a Graphical user interface.

        The general way to manage Docker containers is by using the command line interface. However, those who are beginners or just want a Graphical use interface to manage their Docker images and containers can go for “Docker Desktop” for Linux.

        It is an easy-to-install free application provided by the developers of Docker. We can install it on Mac, Linux, and Windows operating systems. However, larger enterprises with more than 250 employees need to purchase a paid subscription.

        The benefit of using Docker Desktop is, it offers a simple interface that let users manage containers, applications, and images on their local PC without touching the command line.

      • Port SwiggerInstalling Burp's CA certificate in Chrome - Linux
      • LinuxTutoHow to Install phpBB on AlmaLinux 9 - LinuxTuto

        phpBB is an acronym for PHP Bulletin Board. It is a fully scalable and customizable open-source forum written in PHP. It can be used to to create forums, start topics and share ideas.

      • HowTo ForgeHow to run Python Scripts with Apache and mod_wsgi on Ubuntu 22.04

        The Apache module mod_wsgi provides an interface for hosting Python-based web applications.

      • HowTo ForgeImplementing SSL Perfect Forward Secrecy in NGINX Web-Server

        This HOW-TO describes the process of implementing Perfect Forward Secrecy with the NGINX web-server on Debian and Ubuntu systems.

      • VideoHow To Execute a Bash Script Without ./ - Invidious

        Since Bash looks in the default locations for commands to execute at the CLI, we need to add the "./" proceeding the command.

      • Windows CentralHow to run any Linux distro alongside Windows 11 | Windows Central [Ed: Misleading. The Microsofters suggest running fake 'Linux' which is in fact Windows spyware crippled by design to make GNU/Linux looks bad]

        or 21H2, if you are a developer, network administrator, or advanced user who needs to use Linux tools, you don't need a second computer since the system offers different solutions to run Linux alongside Windows, including the Windows Subsystem for Linux and Hyper-V.

      • HowTo ForgeHow to Setup APT Proxy on Ubuntu 22.04 LTS

        A proxy server is an intermediate server that sits between the client computer and the internet. In this tutorial, we will show you how to set up proxy settings and apt-proxy in Ubuntu 22.04 Server and Desktop system.

      • Red Hat Official7 Linux commands to gather information about your system | Enable Sysadmin

        Get information about your CPU, storage, RAM, BIOS, and more without leaving the terminal.

      • Linux HintSMTP Commands: Essential SMTP Commands and Response Codes

        The ASCII Simple Mail Transfer Protocol (SMTP) comes with an array of commands and response codes. It functions on a client-server interface and uses TCP port 25. Since SMTP sessions are conversations between SMTP clients and SMTP servers, SMTP commands are often sent from the client machine to the server device.

        Every command should consist of the keyword for the command and zero or more arguments. So, while some keywords contain one or more arguments, the keywords for several commands will not have any accompanying arguments.

        The commands can either be supported by SMTP, CSSMTP, or both. Notably, a client sends commands in alphabetical characters while the server responds using numerical codes.

      • Linux HintReferential Integrity

        Referential Integrity is discussed in this tutorial in the relational database context. Referential integrity is a data property, stating that all its references are valid. Two tables are concerned here. One is called the referenced or parent table. This referenced table has a primary key, which may be made up of one or more columns. The other table has a foreign key whose values are the same as those of the primary key of the referenced table. The other table is referred to as a child table to the parent table.

        The number of columns that make up the foreign key in the child table is the same as those that make up the primary key in the referenced (parent) table. All the foreign key values are found in the column of the primary key. However, the values in the foreign key column may repeat in the child table.

      • Linux HintBoyce–Codd, Fourth and Fifth Normal Forms
      • Linux HintInstall Mate Desktop on Debian 11

        As time passes, one can get bored with the same interface, which can be frustrating because we all need something new at some point in our lives, and the same goes with Debian 11, in which the default theme isn’t good enough for most of the users. So, today we will help you change the appearance of your Debian 11 desktop environment by installing Mate Desktop, which has a new, exciting, and beautiful look.

        This article will cover all aspects of Installing Mate Desktop on Debian 11.

      • Linux HintInstalling Google Chrome in openSUSE

        “Developed and maintained by Google, Google Chrome is one of the most popular web browsers. At the time of writing, Chrome has around 70% of the browser market share across all devices. It’s a cross-platform web browser that’s free of charge.”

        This guide will teach us how to install Google Chrome in openSUSE.

      • DebugPointHow to Fix - Failed to Start Light Display Manager Error [Solved]

        This post guides you on fixing the error – Failed to Start Light Display Manager Error in Linux systems.

        I know it’s not a good feeling when you expect something to come up on the screen and suddenly face this particular error. It is uncomfortable because you are lost in a terminal and unsure of what to do.

        If you follow some steps, it’s easier to fix. So, let’s try to fix it.

      • Linux HintHow to Fetch Cluster Information in Cassandra
      • DebugPoint[Tutorial] How to Install Oracle VirtualBox in Ubuntu and Linux Mint

        Oracle's VirtualBox is a virtualization application which brings several advanced features. It can dynamically allocate virtual machine storage, USB, networking, NVMe support and so on. However, other free and open-source virtual machine apps are available such as virt-manager, GNOME Boxes, etc. They have their own benefits and features. However, VirtualBox is a little advanced, hence ideal for experienced users.

        Here's how you can install it in Ubuntu and Linux Mint (latest versions). And these steps also should work in Debian and other Debian & ubuntu-based distros.

    • Games

    • Desktop Environments/WMs

      • DebugPoint10 Lightweight Linux Distributions for your Old Hardware in 2022

        We highlight a list of 10 lightweight Linux Distributions ideal for your older PC in 2022. We give you their features and what makes them perfect for reviving older hardware.

        We believe that you should not throw away any hardware, especially PC and its components. Ideally, well-designed software should always run on any hardware. There are many Linux Distributions specifically designed for older hardware and PCs. And you can quickly revive them with the help of these Linux operating systems. In this post, we highlight ten such Linux Distributions which are lightweight and old hardware friendly in 2022.

      • GNOME Desktop/GTK

        • The Register UKThe GNOME Project is closing all its mailing lists ● The Register

          The GNOME Project is preparing to shut down its mailing lists due to problems maintaining the project's GNU Mailman instance - which relies on Python 2 - and a lack of moderators.

          The community's leaders maintain a substantial selection of mailing lists, hosted via the GNU Project's Mailman tool. It also hosts its own instance of the Discourse web forum tool, notably also used by Canonical to host the official Ubuntu forums.

          That's going to change, and very soon: at the end of this month. Announcements on several of the lists, such as here on the list for the Evolution email client, state that the lists are closing down, and discussions must move to Discourse.

  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • Web Browsers/Web Servers

      • Mozilla

        • Chris H-C: This Week in Glean: Page Load Data, Three Ways (Or, How Expensive Are Events?)

          At Mozilla we make, among other things, Web Browsers which we tend to call Firefox. The central activity in a Web Browser like Firefox is loading a web page. It gets done a lot by each and every one of our users, and so you can imagine that data about pageloads is of important business interest to us.

          But exactly because this is done a lot and by every one of our users, this inspires concerns of scale and cost. How much does it cost us to learn more about pageloads?[0]

          As with all things in Data, the answer is the same: “Well, it depends.”

          In this case it depends on how you record the data. How you record the data depends on what questions you hope to answer with it. We’re going to stick to the simplest of questions to make this (highly-suspect) comparison even remotely comparable.

    • GNU Projects

      • GNUnetGNUnet 0.18.0 released

        We are pleased to announce the release of GNUnet 0.18.0. GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

        This is a new major release. It breaks protocol compatibility with the 0.17.x versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.17.x GNUnet network, and interactions between old and new peers will result in issues. 0.17.x peers will be able to communicate with Git master or 0.18.x peers, but some services - in particular the DHT - will not be compatible. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.18.0 release is still only suitable for early adopters with some reasonable pain tolerance.

    • Programming/Development

      • CollaboraFrom Lua to JSON: refactoring WirePlumber's configuration system

        Refactoring WirePlumber's configuration system is the first big feature I took up since I joined the PipeWire/WirePlumber team a year back. It's a year well spent in my professional life, hanging around with caring people and truly open source technology. With what I have seen in the multimedia stacks, I honestly believe PipeWire is the next generation multimedia server and WirePlumber playing the role of enhancing its utility and appeal.

        Let me cut back to the subject at hand.

      • OpenSource.comTrick Lua into becoming an object-oriented language | Opensource.com

        Lua isn't an object-oriented programming language, but a scripting language utilizing C functions and a C-like syntax. However, there's a cool hack you can use within Lua code to make Lua act like an object-oriented language when you need it to be. The key is in the Lua table construct, and this article demonstrates how to use a Lua table as a stand-in for an object-oriented class.

        [...]

        The term "object-oriented" is a fancy way of describing, essentially, a templating system. Imagine you're programming an application to help users spot and log zombies during a zombie apocalypse. You're using an object-oriented language like C++, Java, or Python. You need to create code objects that represent different types of zombies so the user can drag them around and arrange them on a map of the city. Of course a zombie can be any number of things: dormant, slow, fast, hungry, ravenous, and so on. That's just textual data, which computers are good at tracking, and based on that data you could even assign the virtual "object" a graphic so your user can identify which general type of zombie each widget represents.

      • QtQt for Python: the 6.4.0.1 release, what?

        We regret to inform you that during the 6.4.0 release, we were attacked by release goblins.

      • Raku

        • DEV CommunityDon't fear the grepper! (4) - DEV Community

          The grep method allows one to filter a list of values: either a value gets through, or it does not. In this way, the functionality of grep is rather limited.

          What if you would not only like to filter out unwanted values, but also would like to adapt an acceptable value on the fly? Or turn a single value into multiple values? With the map method, you can!

          The map method provides a superset of the functionality of grep. But you can also use it as grep with a block to do the filtering (instead of using something to smart-match against).

          In many ways, understanding map well, will make understanding a lot of aspects of the Raku Programming Language a lot easier! So let's focus on that a bit.

          [...]

          This concludes the fourth part of the series, this time introducing the map method. And also introducing the concept of Empty, and Slip in general. And also showing that you can have a statement modifier version of if if you don't need an else or an elsif.!

          Questions and comments are always welcome. You can also drop into the #raku-beginner channel on Libera.chat, or on Discord if you'd like to have more immediate feedback.

      • Kernel

        • “Old/weird laptops” sought to help test Linux kernel backlight drivers | Ars Technica

          Do you have a laptop that's either "pretty old" or "weird in some other way"? Did it ship without Windows from the factory, or did you flash its firmware with coreboot? You could help the Linux kernel move its backlight code forward without abandoning quirky gear like yours.

          Hans de Goede, a longtime Linux developer and principal engineer at Red Hat, writes on his Livejournal about the need to test "a special group of laptops" to prevent their backlight controls from disappearing in Linux kernel 6.1.

          Old laptop tests are needed because de Goede is initiating some major changes to user-space backlight controls, something he has been working on since 2014. As detailed at Linux blog Phoronix, there are multiple issues with how Linux tries to address the wide variety of backlight schemes in displays, which de Goede laid out at the recent Linux Plumbers Conference. There can be multiple backlight devices operating a single display, leaving high-level controls to "guess which one will work." Brightness control requires root permissions at the moment. And "0" passed along as a backlight value remains a conundrum, as the engineer pointed out in 2014: Is that entirely off, or as low as the display can be lit?

        • Kernel 6.1-rc# might break backlight control on old/weird laptops, please test: hansdegoede — LiveJournal

          I have landed a large(ish) refactor of the ACPI/x86 backlight detection code in the kernel for 6.1. I have been very careful to try and not break things but there is a special group of laptops where the ability to control the backlight brightness may disappear because of this.

          The most likely laptops to be hit by this are laptops which are either pretty old and or which are weird in some other way (e.g. flashed with coreboot, did not ship with Windows as factory os, ...). Note Chromebooks are affected by this too, but that special category has already been fixed.

          You can check if your laptop is affected by this by running "ls /sys/class/backlight" if this shows only 1 entry and that entry is named "intel_backlight", "nouveau_bl", "amdgpu_bl0" or "radeon_bl0" then your laptop might be affected.

        • Drew DeVaultNotes from kernel hacking in Hare, part 3: serial driver

          Today I would like to show you the implementation of the first userspace driver for Helios: a simple serial driver. All of the code we’re going to look at today runs in userspace, not in the kernel, so strictly speaking this should be “notes from OS hacking in Hare”, but I won’t snitch if you don’t.

          Note: In the previous entry to this series, I promised to cover the userspace threading API in this post. I felt like covering this instead. Sorry!

          A serial port provides a simple protocol for transferring data between two systems. It generalizes a bit, but for our purposes we can just think of this as a terminal which you can use over a simple cable and a simple protocol. It’s a standard x86_64 feature (though one which has been out of style for a couple of decades now), and its simple design (and high utility) makes it a good choice for the first driver to write for Helios.

      • PHP

      • Java

        • Linux HintJava Substring

          “The java substring is a part of the java main string. As the java strings are immutable, the initial string is left unchanged, and a new string is returned by this function. The new string is the substring from the string. To extract the desired substring using the substring method, we must provide the starting index and ending index as input. The substring returned from this method depends on the index value assigned to it.”

      • Rust

        • LWNBos: Do we need a "Rust Standard"? [LWN.net]

          Mara Bos has written a lengthy blog post on whether the Rust language needs to be standardized. The answer is "no" — but she draws a distinction between a "standard" (maintained by some distant standards body) and a "specification".

        • Do we need a "Rust Standard"?

          Languages like C and C++ are standardized. They are fully specified in an internationally recognized standards document. Languages like Python, Swift and Rust do not have such a standards document.

          Should Rust be standardized? Why, or why not? In this blog post, I try to explain why I do think we need an accurate specification, why I do not think we need “standardization” (depending on your definition), and give an overview of the current state of Rust’s stability and specification efforts.

        • Rust Weekly UpdatesThis Week In Rust: This Week in Rust 466

          Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

    • Standards/Consortia

  • Leftovers

    • Hardware

      • CNX SoftwareWBZ451 Curiosity Board features Microchip PIC32CX-BZ2 BLE and Zigbee 3.0 microcontroller - CNX Software

        Microchip WBZ451 Curiosity Board features the company’s Microchip’s WBZ451PE Bluetooth Low Energy 5.2 and Zigbee 3.0 RF module based on the new Microchip PIC32CX-BZ2 32-bit Arm Cortex-M4F wireless microcontroller.

      • CNX SoftwareEasily add face detection to your project with the Person Sensor module - CNX Software

        It’s now much easier to AI features to your project thanks to better tools, but as we’ve experienced when trying out Edge Impulse machine learning platform on the XIAO BLE Sense board, it still requires some effort and the learning curve may be higher than some expect.

        But for common tasks like face detection, there’s no reason for the solution to be hard-to-use or expensive, and Pete Warden (Useful Sensors) has designed the $10 Person Sensor fitted with a camera module pre-programmed with algorithms that detect nearby faces and reports the results over an I2C interface.

        [...]

        The module will also return identity information, or in other words, try to detect up to 8 different users, but this is not shown in the example above, and it’s not clear how well that works. You’ll find documentation and code samples in different languages including Arduino, CircuitPython, and Python on GitHub.

    • Security

      • IT WireAustralian firms hit by industrial ransomware in 3Q, sec firm Dragos claims

        Australia experienced two industrial ransomware attacks in the third quarter of the year, the industrial security firm Dragos says in an analysis of such attacks that occurred globally.

        There was no indication of the organisations involved; Dragos does not provide such information, nor does it tie a particular malicious actor to any country.

        The company said on Wednesday there had been 128 ransomware attacks on industries, just three more than in the second quarter, which matched an assessment it had made. The African continent also experienced two attacks.

        But it added that it was unaware of any significant industrial disruptions during 3Q.

      • IT WireiTWire - Medibank says My Home Hospital also hit, PII and health data accessed

        The next instalment of the Medibank Group data breach has arrived, with the company confessing on Thursday that patient information from My Home Hospital had also been accessed by an attacker.

        My Home Hospital is a joint venture between Calvary and Medibank implemented on behalf of Wellbeing SA and the South Australian Government.

        Medibank said in a statement that personal information and some health data had been accessed. No further details were provided, but given the current trend there may be more to come on Friday.

      • IT WireiTWire - Pathology practice Medlab reveals data breach after nine months

        Almost nine months after it experienced what it terms a "cyber incident", private pathology practice Medlab Pathology has issued a statement about the incident in which Medicare details and credit card numbers of staff and patients were stolen.

        The "cyber incident" appears to have been a Windows ransomware attack. The statement was made in the name of chief executive Melinda McGrath.

        Medlab is owned by Australian Clinical Labs which acquired the former in December 2021; it has operations in NSW and Queensland. The breach occurred in February 2022.

        The statement said it had begun notifying those affected on Thursday.

      • Hacker NewsAustralian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

        Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack.

        In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health insurance subsidiary and international students.

        Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country.

      • Hacker NewsApple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

        A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri.

        Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.

        Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.

      • Hacker NewsNew Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

        A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency.

      • SudoRunning sudo without updating cached credentials | Sudo

        One of the recurring questions at conferences was whether there is a way to check cached sudo credentials without updating them. Version 1.9.12 of sudo introduces the -N option which makes this possible, and also allows running any commands without updating the cached credentials.

      • LWNSecurity updates for Thursday

        Security updates have been issued by CentOS (389-ds-base, bind, expat, java-1.8.0-openjdk, java-11-openjdk, libksba, and squid), Debian (chromium, libdatetime-timezone-perl, tzdata, and wordpress), Fedora (dbus, dhcp, dotnet3.1, jhead, samba, and strongswan), Mageia (virtualbox), Oracle (device-mapper-multipath), Scientific Linux (device-mapper-multipath and thunderbird), Slackware (curl), SUSE (container-suseconnect, curl, kernel, libmad, libtasn1, libtirpc, qemu, rubygem-puppet, SUSE Manager Client Tools, and telnet), and Ubuntu (curl, linux-intel-iotg, and mysql-5.7).

      • Hacker NewsRansomware: Open Source to the Rescue [Ed: Microsoft Windows TCO]

        In the US, Colonial pipeline is seeking tax reductions from the loss incurred by the 2021 ransomware campaign they were victims of. But wait… to what extent is the government (and, by extension, every taxpayer) is then indirectly sponsoring cybercrime?

      • Hacker NewsResearchers Expose Over 80 ShadowPad Malware C2 Servers[Ed: Microsoft Windows TCO]
      • Hacker NewsBritish Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

        Furthermore, the indictment accuses Kaye of conniving with one or more persons going by the name "thedarkoverlord" to sell Social Security numbers, not to mention launder the cryptocurrency proceeds of the sale through mixing services like Bitmixer.io to obscure the money trails.

      • USCERTCISA Releases Four Industrial Control Systems Advisories | CISA

        CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

    • Censorship/Free Speech

      • Internet Freedom FoundationKarnataka HC dismisses Aakar Patel's application

        Mr. Aakar Patel, a human rights activist and author, approached the Karnataka High Court seeking permission to intervene in an ongoing petition filed by Twitter challenging blocking orders issued by Union of India under S.69A of the Information Technology Act, 2000 (‘IT Act, 2000). Mr. Patel, whose Twitter Account was blocked in June 2020, approached the Court to highlight how the Government of India is censoring Twitter accounts without even hearing affected users or providing them copies of blocking orders. The Karnataka High Court declined to permit Mr. Patel to intervene because other users would also approach the Court in a dispute which is between Twitter and the Union of India. Senior Advocate V Srinivasa Raghavan appeared on behalf of Mr. Patel and Keystone Partners, and IFF provided legal support.

    • Internet Policy/Net Neutrality

      • Ariadne ConillThe internet is broken due to structural injustice | Ariadne's Space

        Over the past few years, I’ve come to realize that the Internet as we know it is utterly broken. Lately, I’ve also been pondering how participants in the modern Internet have enabled and perpetuated harm to society at large. Repeatedly, we have seen the independence of the commons chipped away by powerful men who wish for participants to serve their own whims, while those who raise concerns with these developments are either shunned, banned or doxed.

        On Friday, October 28th, we will see another demonstration of these structural injustices where the commons takes another loss to the whims of a powerful man. Last time, it was freenode’s takeover by Andrew Lee, and this time it will be Twitter’s takeover by Elon Musk. No, really, the deal is already concluded: TWTR will be delisted from NASDAQ on Friday.

        Will this be the end of Twitter? Probably not, but it will be the end of the current relationship the commons shares with Twitter. Instead of acting as a self-described “public square,” it will further evolve into a chaotic cacophony of trolling and counter-trolling driven in the name of algorithmic engagement. Some will move to other microblogging services and networks, and will likely discover that everything which made Twitter horrible likely applies in some way to the replacement.

      • AccessNowInternet shutdowns shroud and facilitate brutality of Myanmar junta’s airstrike in Hpakant township - Access Now

        Access Now condemns the ongoing war crimes committed by the military junta in Myanmar, and its use of internet shutdowns to conceal the atrocities. More than 80 people are dead and a hundred more injured after the military dropped four bombs at a gathering of the Kachin Independence Organisation (KIO) at approximately 20:30 local time on 23 October. The deliberate communication blackout meant local media were only able to report on the disaster hours later on 24 October. People on the ground still struggle to get updated information on the number of casualties and their conditions because of ongoing shutdowns.

        “Mobile internet in Hpakant has been shut down for over 430 days. Since last week, curfew-style blocking of wifi is cutting off the region for approximately 17 hours every day, starting at 17:00, and only reconnecting at 10:00 the next day,” said Wai Phyo Myint, Asia Pacific Policy Analyst at Access Now. “When the bombs dropped on Sunday evening, the mostly-civilian crowd was left isolated, unable to contact friends and family to seek help and urgent medical attention. It was a targeted and brutal massacre, and shutting down the internet was a deliberate assurance that the extent of the military’s atrocities would be buried.”

        Access Now documents internet shutdowns globally — recognizing that in recent years, shutdowns have become more sophisticated, lasting longer, harming more people, and targeting vulnerable groups. In 2021, Myanmar ranked 2nd in the world in terms of the number of shutdowns that year.

      • Internet Freedom FoundationReturn to Sender : IFF's submission to the draft Telecom Bill, 2022

        The draft Indian Telecommunication Bill, 2022 was released for public consultation on September 21, 2022. It follows the consultation paper on the “Need for a new legal framework governing Telecommunication in India” which was published on July 23, 2022. Read our brief, which forms a part of our consultation response, where we identify and analyse specific issues with the Telecom Bill, 2022. Our main recommendation is that the Telecom Bill, 2022 should be recalled and a fresh consultation process commensurate with the stated goal of “​​restructur(ing) the legal and regulatory framework for the telecommunications sector.”

        [...]

        It consolidates the laws governing provision, development, expansion & operation of telecom services, telecom networks & telecom infrastructure and assignment of spectrum. In doing so, it repeals the Indian Telegraph Act, 1885, the Indian Wireless Telegraphy Act, 1933, & the Telegraph Wire (Unlawful Protection) Act,1950, while amending certain provisions of the Telecom Regulatory Authority of India Act (“TRAI”), 1997. However, any rules made under these legislations will continue to be in force. It purportedly takes into account the comments received from stakeholders & industry associations on the consultation paper on the “Need for a new legal framework governing Telecommunication in India” which was published on July 23, 2022 (Read IFF’s comments on the paper here). The deadline for submitting comments on the paper was August 25, 2022 which was further extended to September 1, 2022. The Telecom Bill was released three weeks after the completion of this deadline.

      • AccessNowIndia’s Draft Telecommunication Bill empowers gov't to impose internet shutdowns - Access Now

        Note: Access Now signed this letter and joins the call of other organisations for the Indian government to withdraw the Draft Telecommunication Bill, 2022 because its authorizes government to order internet shutdowns in violation of human rights.

      • Public KnowledgeFCC Votes To Strengthen Network Resiliency in Puerto Rico, U.S. Virgin Islands - Public Knowledge

        Today, the Federal Communications Commission voted to approve a Further Notice of Proposed Rulemaking to support mobile carriers and broadband providers operating in Puerto Rico and the U.S. Virgin Islands to strengthen their networks’ resiliency in the face of natural disasters. Public Knowledge applauds the Commission for taking action to keep consumers connected even during disasters and other emergencies, but urges the agency to locate funds for improving network resiliency across the nation.

        The following can be attributed to Harold Feld, Senior Vice President at Public Knowledge:

        “As today’s FCC action makes clear, although carriers have made progress toward hardening their networks in Puerto Rico and the Virgin Islands to withstand increasingly violent hurricane seasons, more work remains. We applaud Chairwoman Rosenworcel and her fellow Commissioners for seeing this through rather than walking away with the job half finished.

      • Public KnowledgeFCC Moves To Leverage 12 GHz Band To Further Close Digital Divide - Public Knowledge

        Today, the Federal Communications Commission voted to approve a Notice of Inquiry seeking comment on the current use of the 12.7-13.25 GHz band as well as ways to encourage more efficient use of the band and whether it’s suitable for mobile broadband services. Public Knowledge applauds the Commission for moving to leverage the 12 GHz band to further close the digital divide.

        The following can be attributed to Kathleen Burke, Policy Counsel at Public Knowledge:

        “We applaud Chairwoman Rosenworcel for her continued leadership in looking for new ways to share access to spectrum for vital telecommunications services like mobile broadband and Wi-Fi. Limited spectrum access is a clear barrier to closing the digital divide and ensuring that all Americans have access to the crucial telecommunications services we rely on to function in our society. Finding creative ways to provide more spectrum access is an important goal that we applaud the FCC for continuing to pursue.

        “Because of the urgency in promoting competition in mobile broadband and increasing unlicensed spectrum access generally, we urge the Commission to issue an Order authorizing shared use in the ‘lower’ 12 GHz band. Opening the lower 12 GHz in addition to the upper 12 GHz would potentially make over 1,000 MHz of spectrum available for advanced services.

    • Monopolies

      • Software Patents

        • LWNThe disabling of hardware codecs in community distributions [LWN.net]

          Software patents affect our systems in many ways, but perhaps most strongly in the area of codecs — code that creates or plays back audio or video that has been compressed using covered algorithms. For this reason, certain formats have simply been unplayable on many Linux distributions — especially those backed by companies that are big enough to be worth suing — without installing add-on software from third-party repositories. One might think that this problem could be worked around by purchasing hardware that implements the patented algorithms, but recent activity in the Fedora and openSUSE communities shows that life is not so simple.

          In September, the Fedora project changed how it builds the Mesa graphics library, disabling support for the H.264 and H.265 codecs. These formats are heavily encrusted with software patents and have long been difficult to support on Linux systems, though the existence of OpenH264 has improved the situation for many users. In this case, though, the patented algorithms are not being executed on the CPU running Linux; instead, they are run (and accelerated) on a peripheral processor like the GPU. With the change, Fedora users (only of the upcoming Fedora 37 release for now, though that will likely change) have lost access to the acceleration provided by their hardware.

          The problem was promptly brought to the Fedora development list, where a number of users expressed their unhappiness at the change. But there was also a certain amount of surprise that Red Hat would not allow code that enables hardware functionality to be shipped; Chris Adams, for example, asked: "But isn't this just providing for hardware decoding, where (presumably) the hardware vendor arranged for whatever needed licenses?". The "presumably", in this case, turns out to be wrong.

      • Copyrights

        • Walled CultureWhy the 'true fans' model is great not only for creators, but for entrepreneurs too - Walled Culture

          The “true fans” idea has appeared in many posts on this blog, and also makes an appearance in the last chapter of Walled Culture the book, as a viable alternative to copyright and its manifest ills. Kevin Kelly first articulated the true fans idea in 2008, and it was surprisingly soon after that companies started popping up to provide some of the infrastructure needed to facilitate the idea. For example, Kickstarter was launched in 2009, while Patreon began in 2013, and both have gone on to become hugely successful examples of the true fans approach.

          Simon Owens has an interesting post on his Substack newsletter entitled “Why Patreon is struggling“. He identities a number of what he calls “key weaknesses in the platform’s core offerings”. One is that “a creator’s ability to distribute free content via Patreon is limited”. That’s a problem, because many people (rightly) want to see an example of a creator’s work before sending off money. It also prevents creators from distributing their work freely on Patreon as a matter of course, in order to reach as wide an audience as possible, and to locate the true fans among them.

          Another issue according to Owens is that Patreon doesn’t have a recommendation tool that helps creators find new audiences. The lack of basic tools for distributing and analysing content is another clear gap in Patreon’s offerings according to Owens.

  • Gemini* and Gopher

    • Personal

    • Technical

      • Internet/Gemini

        • Browsing Gemini Offline

          I’m now browsing Gemini completely offline. It works. I managed to make AV-98 a totally offline gemini client which works well enough for my own needs and it’s a very interesting experience.

      • Programming

        • Carbon Dating HTML

          One of the more common feature requests I've gotten for Marginalia Search is the ability to search by date. I've been a bit reluctant because this has the smell of a a surprisingly hard problem. Or rather, a surprisingly large number of easy problems.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024