Hello and welcome to Episode 486 of Linux in the Ham Shack. In this short-topics episode, the hosts discuss sweepstakes contesting, Youths on the Air, ham radio as a game (?), GUAC, a very old sqlite vulnerability that persists today, holes in OpenSSL, the latest version of Ubuntu and much more. Thanks for listening and have a great week.
Jeff Geerling, the great Raspberry Pi hacker and star geek on YouTube, talks with Doc Searls and Jonathan Bennett about Ansible, Jellyfin, how subscription TV is the new cable, and fun hacks in our new media age.
Max Howell is CEO of Tea, the platform that enables developers to get compensated for their work. Max is also the creator of Homebrew, the popular package management system.
EuroBSDcon 2022 as first BSD conference, Red Hat’s OpenShift vs FreeBSD Jails, Running a Docker Host under OpenBSD using vmd(8), history of sending signals to Unix process groups, Toolchains adventures - Q3 2022, and more
This week in the Business News, VirtualBox adds new features, Twitter Doesn't Want You to screenshot, and Pine64 has a new SBC. Also, HoloLens causes military to get sick and about half of all computers can't run Windows 11. We also visit SillyVille.
The QEMU emulator has a sizable set of storage features, including disk-image file formats like qcow2, snapshots, incremental backup, and storage migration, which are available to virtual machines. This software-defined storage functionality that is available inside QEMU has not been easily accessible outside of it, however. Kevin Wolf and Stefano Garzarella presented at KVM Forum 2022 on the new qemu-storage-daemon program and the libblkio library that make QEMU's storage functionality available even when the goal is not to run a virtual machine (VM).
Like the Linux kernel, QEMU has a block layer that supports disk I/O, which it performs on behalf of the VM and supports additional features like throttling while doing so. The virtual disks that VMs see are backed by disk images. Typically they are files or block devices, but they can also be network storage. Numerous disk-image file formats exist for VMs and QEMU supports them, with its native qcow2 format being one of the most widely used. The QEMU block layer also includes long-running background operations called blockjobs for migrating, mirroring, and merging disk images.
All memory accesses in a BPF program are statically checked for safety using the verifier, which analyzes the program in its entirety before allowing it to run. While this allows BPF programs to safely run in kernel space, it restricts how that program is able to use pointers. Until recently, one such constraint was that the size of a memory region referenced by a pointer in a BPF program must be statically known when a BPF program is loaded. A recent patch set by Joanne Koong enhances BPF to support loading programs with pointers to dynamically sized memory regions.
October 24, 2022
Among the many quirks that make the C language so charming is the set of behaviors that it does not define; these include whether a char variable is a signed quantity or not. The distinction often does not make a difference, but there are exceptions. Kernel code, which runs on many different architectures, is where exceptions can certainly be found. A recent attempt to eliminate the uncertain signedness of char variables did not get far — at least not in the direction it originally attempted to go.
As a general rule, C integer types are signed unless specified otherwise; short, int, long all work that way. But char, which is usually a single byte on current machines, is different; it can be signed or not, depending on whatever is most convenient to implement on any given architecture. On x86 systems, a char variable is signed unless declared as unsigned char. On Arm systems, though, char variables are unsigned (unless explicitly declared signed) instead.
The fact that a char variable may or may not be signed is an easy thing for a developer to forget, especially if that developer's work is focused on a single architecture. Thus, x86 developers can get into the habit of thinking of char as always being signed and, as a result, write code that will misbehave on some other systems. Jason Donenfeld recently encountered this sort of bug and, after fixing it, posted a patch meant to address this problem kernel-wide. In an attempt to "just eliminate this particular variety of heisensigned bugs entirely", it added the -fsigned-char flag to the compiler command line, forcing the bare char type to be signed across all architectures.
This change turned out to not be popular. Segher Boessenkool pointed out that it constitutes an ABI change, and could hurt performance on systems that naturally want char to be unsigned. Linus Torvalds agreed, saying that: "We should just accept the standard wording, and be aware that 'char' has indeterminate signedness". He disagreed, however, with Boessenkool's suggestion to remove the -Wno-pointer-sign option used now (thus enabling -Wpointer-sign warnings). That change would enable a warning that results from the mixing of pointers to signed and unsigned char types; Torvalds complained that it fails to warn when using char variables, but produces a lot of false positive warnings with correct code.
Hello everyone,
I'm happy to announce the start of a new release cycle with the first release candidate, 22.3.0-rc1.
New features (in no particular order):
- GL_ARB_shader_clock on llvmpipe
- VK_KHR_shader_clock on lavapipe
- Mesa-DB, the new single file cache type
- VK_EXT_attachment_feedback_loop_layout on RADV, lavapipe
- VK_KHR_global_priority on RADV
- GL_KHR_blend_equation_advanced_coherent on zink
- VK_EXT_load_store_op_none on RADV
- VK_EXT_mutable_descriptor_type on RADV
- VK_EXT_shader_atomic_float on lvp
- VK_EXT_shader_atomic_float2 on lvp
- GL_NV_shader_atomic_float on llvmpipe
- VK_EXT_image_robustness on v3dv
- VK_EXT_extended_dynamic_state3 on lavapipe
- VK_EXT_extended_dynamic_state3 on RADV
- VK_EXT_pipeline_robustness on v3dv
- Mali T620 on panfrost
- Shader disk cache on Panfrost
- support for R8G8B8, B8G8R8, R16G16B16 and 64-bit vertex buffer formats on RADV
- initial GFX11/RDNA3 support on RADV
- various ray tracing optimizations on RADV
- extendedDynamicState2PatchControlPoints on RADV (VK_EXT_extended_dynamic_state2 feature)
- Radeon Raytracing Analyzer integration (using RADV_RRA_* environment variables)
A couple of notes for packagers:
- When building the Intel Vulkan driver with ray-tracing (using `-D intel-clc=enabled`, disabled by default), libclc is required (both as build and runtime dependency).
- Rusticl, the OpenCL implementation (`-D gallium-rusticl=true`, disabled by default), introduces a bunch of new dependencies. Make sure you read docs/rusticl.rst (https://docs.mesa3d.org/rusticl) if you're considering enabling it.
For now, no driver is enabled by default in Rusticl. See here for how to enable them: https://docs.mesa3d.org/envvars#rusticl-environment-variables
If you find any issues, please report them here: https://gitlab.freedesktop.org/mesa/mesa/-/issues/new
The next release candidate is expected in one week, on November 9th.
Cheers, Eric
This guide walks Debian-based users through the download, installation, and usage of the apt-offline tool to effortlessly upgrade a Debian-based Linux distribution with a limited, slow, or zero internet connection.
apt-offline is an offline package management utility that is used to install/upgrade software packages with their dependencies on Debian-based Linux distributions with no direct internet connection.
The most important duty of a Linux system administrator is to make sure the system he/she is administering is in very good condition. There are many tools available for Linux system admins that can help to monitor and display processes in a system such as top and htop, but none of these tools can compete with collectl.
Debian is known in the Linux community as the gold standard for stability, and a common drawback is that its packages, especially as a Debian release ages, are often years behind what is currently available, since they only receive security and bug updates to keep packages stable. Now for most environments, this is acceptable. Still, it can be very frustrating for users needing specific packages to be upgraded to utilize the features or fix annoying non-critical or security-related bugs. However, the great thing about Linux and using repositories is that you can use what is known as backports or experimental repositories, which are packages taken from the next Debian release, which is nearly always the testing repository, and adjusted and recompiled for usage on Debian stable.
Create a defined, consistent and portable environment for executing automation jobs on air-gapped or disconnected systems.
For most users, the standard Linux kernel that ships with your distribution suits your purpose fine. But for users who would like to install the latest kernels that the Debian team is working on, which are usually found in the sid repository, better known as unstable, installing them can be more beneficial, given that they should be more compatible than a generic kernel in some circumstances, along with being easy to upgrade.
The tutorial will demonstrate how to add the sid repository and create an apt pin using the command line terminal for users who prefer installing an upgraded kernel from the Debian team.
OctoPrint on Linux is a great combination for diehard Linux and 3D printing fans. Read on for an OctoPrint-Linux installation guide!
Tmux sessions are persistent. This means after exiting the program, the sessions will continue running. Ctrl + b is the default prefix used in Tmux. All commands in Tmux start with this default prefix, followed by a key to invoke the command in your Tmux application. This guide will illustrate how to capture the Tmux panes’ history.
However, before we dive into our subject matter, we need to install Tmux on our Linux OS. To do so, follow the brief guide provided herein, and if you encounter any challenges or want an in-depth article on how to install Tmux and use Tmux, check out this comprehensive guide.
You have come to the right spot if you use Tmux and are unsure how to utilize it to capture pane history. You can use the directives in this article to learn the essential procedures for capturing the Tmux pane history.
exFAT file system is a worthy successor to FAT32 and can be quite useful in many ways. Well, today you will learn how to enable exFAT support in Ubuntu 22.04.
VLC media player is one of the best media players out there. This cross-platform player is feature rich and it can literally play any media format that’s available.
You’ll be surprised to know that VLC is much more than just a video player. It can do a lot of things with your media files.
Downloading YouTube video with VLC is one of the VLC tips we have shared on It’s FOSS.
Let me share another one with you. How about trimming a video with VLC? It’s not the best way to trim videos but it is available as an option.
The “Arc” theme for Linux is popular for its simplicity and modern look. The high-quality contrast and flat, Material-like design make it a step above other themes. Additionally, the transparent elements make it compatible with desktop environments like GNOME, Xfce, Unity, Mate, Budgie, and more.
Arc is a flat theme for GTK 3, GTK 2, and various desktop shells. It’s well-suited for any window manager or application that uses GTK.
If your Linux computer uses GTK as the theming engine, you won’t have trouble using and enjoying the beauty of Arc. Arc theme has 4 options: Arc – a combination of light and dark, Arc-Lighter, Arc-dark, and Arc-darker.
Snappy (in short, Snap) packages are transactional packages developed by Canonical for Ubuntu for its line of solution offerings. Due to their transactional nature, snap packages can be used across Linux distributions. Snap packages are handy due to their atomic update nature for critical industrial use cases such as IoT.
This article will show you how to perform basic operations with snap via the command line.
A new video by Ramon! This time it’s all about the sensors...
Once again, I got the honor of the Halloween special for the News from KDE PIM post. Let’s see what happened during the last two months.
EasyOS has QEMU in the repository. It is compiled in OpenEmbedded, with an existing build recipe. I have never compiled QEMU in a running system, and decided to do so, to explore the configure options. I noticed that the build recipe in OE is using a minimum of system libraries, so wanted to see if that can be improved.
Many organizations struggle to determine the best ways to modernize their internal and external business processes and applications. In this process, it can be challenging to determine the best path forward, especially when the options sometimes seem to conflict.
Here are some of the most common approaches, based on conventional wisdom, along with some emerging alternatives contrary to traditional thinking. You might be surprised at which approaches better fit your organization’s specific needs.
There’s no denying the value of strong communication skills in IT. These soft skills forge strong relationships among stakeholders and teams, aid in problem-solving, build robust workplace cultures, and drive projects forward. Strong communication skills are more important than ever in today’s hybrid and remote work era.
We asked business and IT leaders to share the poor communication habits they’ve encountered among their teams and peers and ways to turn these bad habits into strengths. Here’s what they had to say.
The Node.js community is working on an effort to ensure the Next-10 project is just as successful over the next ten years as it was in the first ten. This large open source project is the basis for many backend web applications and offers lessons for other open source communities. This article discusses the project's goals and progress.
Making applications accessible to disabled users is both good business and often required by law. We must develop the Node.js components that are part of these applications in a way that facilitates accessibility. This installment of the ongoing Node.js Reference Architecture series covers the key questions that Node.js developers need to understand about accessibility...
The Fedora Community in Brazil recently celebrated the release of Fedora Linux 37. The last Release Party in-person in Brazil was back in July 2016. We hosted a Fedora 37 Release Party at the University of São Paulo this month with the help of the Grupo de Extensão em Livre e Open Source (GELOS) group. Thank you to all the organizers, speakers, and attendees who made the Fedora 37 Release Party Brazil possible.
This is going to be mostly for 10/26 - 11/2 but with some other background information from other things I worked on in October.
We are Red Hat Week happened last week which was super fun! On 10/26 I attended the emerging OS CY22Q3 celebration to play bingo and get updates. On Thursday 10/27 I was in the Boston office and joined the Crayons to Cradle group, packing hygiene kits for kids ages 3-12 and coloring pieces of paper for them. Really great to see everyone from around Red Hat.
If you’re embarking on a new project and evaluating public clouds, the cost involved will be one of your main considerations. You might decide to use Google Cloud Platform (GCP) as your primary cloud platform. If so, you’ll want to estimate costs based on listed prices. But it might surprise you to find a higher bill than you originally expected.
Axiomtek iNA200 is a DIN-rail mountable cybersecurity gateway powered by a choice of Elkhart Lake Atom x6000E-series processor and designed for operational technology (OT) network security.
A decade ago, I was learning Linux through building projects for my own needs. One of the projects was a DIY CCTV system based on a Linux box – specifically, a user-friendly all-in-one package for someone willing to pay for it. I stumbled upon Zoneminder, and those in the know, already can tell what happened – I’ll put it this way, I spent days trying to make it work, and my Linux skills at the time were not nearly enough. Cool software like Motion was available back then, but I wasn’t up to the task of rolling an entire system around it. That said, it wouldn’t be impossible, now, would it?
Andes Technology has unveiled the high-end AndesCore AX60 series out-of-order 64-bit RISC-V processors at the Linley Fall Processor Conference 2022 with the new cores designed for compute-intensive applications such as advanced driver-assistance systems (ADAS), artificial intelligence, augmented/virtual reality, datacenter accelerators, 5G infrastructure, high-speed networking, and enterprise storage.
Arduino Make Your UNO Kit is a kit with two boards, one for the microcontroller and the other for audio, and all components required that can be used to learn how to solder and then Arduino programming.
Once soldering and assembly are complete you’ll hopefully get a working Arduino UNO and an audio synthesizer shield. But before you get there, you’ll need to equip yourself with a soldering iron and some soldering tin to solder the components below to the two PCBs.
Long ago, when I was a tech administrator for Arlington Public Schools, I received an unexpected email saying, "Our school in India loves your children's stories, so we've printed them all out in braille."
Apparently, the school had found my collection of children's stories on the web. I spent a moment visualizing those students so far away, enjoying my stories on those printed pages of braille. The email's sender might not have realized how meaningful their email was to me, but it's stayed with me for two decades.
Notesnook is a free (as in speech) & open source note-taking app focused on user privacy & ease of use. To ensure zero knowledge principles, Notesnook encrypts everything on your device using XChaCha20-Poly1305 & Argon2.
[...]
Notesnook is an open source free project that is released under the GPL-3.0 License.
Mike Bishop talked about the complexities of the current internet. Redirects before, during, after. HTTPS records. Alt-svc. Alt-SvcB. Use the HTTPS record for that alternative name.
This presentation triggered a long discussion on how to do things, how things could be done in the future and how the different TTLs in this scenario should or could interact. How to do multi-CDN, how to interact with DNS and what happens if a CDN wants to disable QUIC?
A very long discussion that mostly took us all back to square one in the end. The alt-svcb proposal as is.
It is with great pleasure that I am announcing the launch of our new contribute page in SUMO a.k.a SUpport.Mozilla.Org. SUMO is one of the oldest contribution areas in Mozilla, and we want to show you just how easy it is to contribute!
There are many ways you can get involved with SUMO, so getting started can be confusing. However, our new contribute page should help with that, since the pages are now updated with simpler steps to follow and a refreshed design.
Part of the early appeal of the World Wide Web was the promise that anybody could create a site and publish interesting content to the world. A few decades later, that promise seems to have been transformed into the ability to provide content for a small number of proprietary platforms run by huge corporations. But, arguably, the dream of widespread independent publishing is enjoying a resurgence. The Ghost publishing platform is built around the goal of making publishing technology — and the ability to make money from it — available with free software.
Ghost is an MIT-licensed application written primarily in JavaScript; it has been under development since 2013. The project is owned by the non-profit Ghost Foundation, which appears to be mainly funded by an associated Ghost(Pro) hosting business. The entire platform appears to be free software; this is not an open-core offering.
At a first glance, Ghost looks like yet another blogging platform, providing the ability to create, edit, and publish articles. Tied closely to that platform, though, is the ability to send articles via email newsletters; Ghost seems to be firmly positioned as a free alternative to operations like SubStack. Support for paid subscriptions is also built in, with the ability to define multiple subscriber levels. Much of the documentation and in-system help provided by Ghost is aimed at helping users create and monetize their content with the platform.
Lua is a scripting language used for procedural programming, functional programming, and even object-oriented programming. It uses a C-like syntax, but is dynamically typed, features automatic memory management and garbage collection, and runs by interpreting bytecode with a register-based virtual machine. This makes it a great language for beginners, but also a powerful tool for experienced programmers.
Lua has been somewhat eclipsed from the public view by languages like Python and JavaScript, but Lua has several advantages that make it popular in some major software projects. Lua is easily embedded within other languages, meaning that you can include Lua files in the code base of something written in (for instance) Java and it runs as if it were native Java code. It sounds like magic, but of course there are projects like luaj working to make it possible, and it's only possible because Lua is designed for it. It's partly because of this flexibility that you're likely to find Lua as the scripting language for video games, graphic applications, and more.
As with anything, it takes time to perfect, but Lua is easy (and fun) to learn. It's a consistent language, a friendly language with useful error messages, and there's lots of great support online. Ready to get started?
Python has lots of different options for mutable data structures, both directly in the language and in the standard library. Lists, dictionaries (or "dicts"), and sets are the foundation, but two of those maintain an order based on how the elements are added, while sets do not. A recent discussion on the Python Discourse forum raised the idea of adding an ordered variant of sets; while it does not look like there is a big push to add the feature, the discussion did show some of what is generally needed to get new things into the language—and could well lead to its inclusion.
By their very nature, Python lists have always been ordered; they can also be indexed like arrays. On the other hand, Python dicts started off as unordered, so that adding two entries to a dict could result in either order when, say, iterating over the keys. Dicts would normally maintain the same order if no additions or deletions were made to them, but it was not guaranteed by the language. That all changed when a new implementation of dicts for Python 3.6 maintained the insertion order as a side-effect of a more memory-efficient algorithm. In Python 3.7, ordered dicts were adopted as part of the Python language, so all implementations have to support that feature.
There is also the longstanding collections.OrderedDict implementation in the standard library; it is optimized for reordering efficiency, which makes it a good choice for least-recently-used (LRU) caches, for example. The standard dict is optimized for mapping operations and insertion speed, so there are (still) good reasons to have both available. But, since the existence of OrderedDict pre-dated the switch to ordered dicts in the language, to some it seems like it might provide a precedent for an OrderedSet data structure in the standard library as well.
But sets in both math and Python are just containers for some items—objects—with no duplicates. The operations available for sets are what would generally be expected: membership (using "in"), union, intersection, difference, subset, and so on. The order of the elements in a set is effectively random.
The aria-label property is made available to us by the Accessible Rich Internet Applications (ARIA) standard. It allows a property/value declaration in HTML as a way of providing an accessible name for an interactive element.
Proofpoint says threat actor deploying malicious code on media sites
More than 250 regional and national newspaper sites in the US have accessed malicious JavaScript that is being created by an actor known as TA569, the email security firm Proofpoint claims.
In a tweet thread, the company's Threat Insight unit said the media company that was serving as the host for this malicious code served content to its partners using JavaScript.
"The actual number of impacted hosts is known only by the impacted media company," Proofpoint tweeted.
The Librem Key comes preloaded with the PureBoot bundle to protect your firmware. While it’s good at protecting your boot firmware, that’s only some of what it can do.
You can also encrypt your computer’s file system, auto lock on removal, and encrypt local documents just to get started.
Ransomware is a booming business judging by the claim made by a founding member of the Lockbit group that he owns three restaurants in China and two in New York.
A threat researcher who goes by the pseudonym vx-underground conducted an interview with this individual who claims to be a veteran of the ransomware scene.
Lockbit was founded on 3 September 2019 and the person interviewed said it had pentesters, developers, money launderers, testers and negotiators among its members.
The individual said Lockbit was founded by a team of more than 10 people, adding that drug use was often an issue in ransomware groups, with cocaine or marijuana being the most common drugs abused.
The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.
Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K.
Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China.
The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally.
The Australian Transaction Reports and Analysis Centre says it will conduct an audit to determine whether betting companies Sportsbet and Bet365 have complied with laws governing financial crimes.
In a statement, AUSTRAC said it would appoint external auditors "under section 162 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) to assess compliance of two corporate bookmakers, Sportsbet and Hillside (Australia New Media) aka Bet365".
Egyptian President Abdel Fattah El-Sisi must free Alaa Abd El-Fattah, a British-Egyptian activist, and all human rights defenders and political prisoners detained for exercising their fundamental rights. All government representatives attending COP27 in Egypt must do everything in their power to ensure their swift release.
In a blatant violation of human rights, Alaa, along with tens of thousands of activists and dissidents has long been persecuted by a government now opening its doors to the largest climate change conference in the world — COP27. Climate change is a human rights issue, and President El-Sisi must demonstrate he takes human rights seriously.
“President El-Sisi hosting COP27 is hypocrisy incarnate,” said Marwa Fatafta, MENA Policy and Advocacy Manager at Access Now. “Alaa and activists from across Egypt exist in a human rights vacuum, but if the government of Egypt is now purporting to elevate human rights through this global climate change conference, it must seize this opportunity to free Alaa and all activists.”
Against a backdrop of persecution lasting more than 15 years, Alaa has used his body as a tool for protest. The activist stated that after an extended hunger strike, he will eliminate water from his diet beginning at the start of COP27, November 6. The human body needs water to survive.
The proposed Rogers-Shaw merger was back in the news last week as Canadian Industry minister Francois Philippe Champagne held a mid-week press conference to announce that the original deal was dead, but that a reworked deal that brings in Videotron might be a possibility if certain government expectations on restrictions on transferring spectrum licences and consumer pricing outside of Quebec were met. Keldon Bester is a co-founder of the Canadian Anti-Monopoly Project (CAMP), a fellow at the Centre for International Governance Innovation and an independent consultant and researcher working on issues of competition and monopoly power in Canada. He’s been one of the most insightful and outspoken experts on the proposed Rogers-Shaw merger and he joins the Law Bytes podcast to discuss where things stand and the big picture weaknesses of Canadian competition law and policy.
Writing each day for no other reason than just writing does not seem a good or respectful idea. It seems a bit like the guy who every night when walking into the bar picks the same song on the jukebox.
Not much to report other than we made it home. I-95S in South Carolina was a horror show, what with a segment where it took us nearly an hour to travel 3 miles, and the I-95 exit to our house was closed off, but other than that, it was a long and gruelling trip.