11.25.22

GNU/Linux

• Audiocasts/Shows

  • Video ☛ This Python Bot Will Teach You How To Build Itself – Invidious

    In this video you will learn from a bot how to build a Python bot that can automate the process of creating tutorials using Python and Pyautogui.

  • Going Linux ☛ Going Linux #432 · Listener Feedback

    Larry has a new toy and installs Linux, of course. Our listeners provide suggestions for distributions that Bill should try and focus on experiences as new Linux users.

  • Video ☛ Zorin OS 16.2 Core Quick overview #shorts – Invidious

    A Quick Overview of Zorin OS 16.2 Core.

  • Video ☛ Meta Gets Your Tax Info

    This week in the WeeklyNewsRoundup, tax filing websites give your tax info to Meta, Chinese hackers use Google Drive to distribute Malware, and San Francisco aims to use robots on the street that are capable of deadly force.

• Kernel Space

  • LWN ☛ Linux 5.10.156

    I'm announcing the release of the 5.10.156 kernel.
    
    All users of the 5.10 kernel series must upgrade.
    
    The updated 5.10.y git tree can be found at:
    	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y
    and can be browsed at the normal kernel.org git web browser:
    
    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
    
    thanks,
    
    greg k-h
    

  • LWN ☛ Linux 5.4.225

  • LWN ☛ Linux 4.19.267

  • LWN ☛ Linux 4.14.300

  • LWN ☛ Linux 4.9.334

• Applications

  • PowerDNS ☛ PowerDNS Recursor 4.5.12, 4.6.5 and 4.7.4 Released | PowerDNS Blog

    Today we have released a maintenance release of PowerDNS Recursor 4.5.12, 4.6.5 and 4.7.4, containing fixes for a few minor issues. In particular, RPZ IXFRs now time out if the server becomes unresponsive. For more details on the other fixes, consult the changelogs available at 4.5.12, 4.6.5, 4.7.4.

    The source tarballs (4.5.12, 4.6.5, 4.7.4) and signatures (4.5.12, 4.6.5, 4.7.4) are available from our download server. Packages for various distributions are available from our repository.

    Note that PowerDNS Recursor 4.4.x and older releases are End of Life. Consult the EOL policy for more details.

• Instructionals/Technical

  • ID Root ☛ How To Install Webinoly on Ubuntu 22.04 LTS – idroot

    In this tutorial, we will show you how to install Webinoly on Ubuntu 22.04 LTS. For those of you who didn’t know, Webinoly is a free panel for Virtual Private Servers (VPS) that appears to be an extension of EasyEngine or WordOps. With Webinoly you can in just one step optimize the LEMP web server to manage your WordPress, PHP, or simple HTML.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Webinoly on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

  • Make Use Of ☛ How to Convert Any Image to ASCII Art in the Linux Terminal

    ASCII arts are fascinating and provide a way to share images over low-bandwidth internet. Here’s how you can convert any image to ASCII art on Linux.

    ASCII art is the oldest form of image representation online and existed long before the invention of the internet. It offers an easy, low-bandwidth way of rendering a graphical representation using characters, and is an art form in its own right.

    It’s simple to convert an image into ASCII in your Linux terminal. Here’s how to get started.

  • Linux Made Simple ☛ How to install Yomi Hustle on a Chromebook

    Today we are looking at how to install Yomi Hustle on a Chromebook.

    If you have any questions, please contact us via a Rumble comment and we would be happy to assist you!

  • It’s FOSS ☛ How to Merge PDF Files in Linux – It’s FOSS

    Got several PDFs on the same subject and now you want to combine them into a single PDF?

    Or perhaps you need to upload a single file consisting of different files? Many government and academic portals require that.

    As a Linux user, if you are in a situation where you need to merge PDFs, this tutorial will help you out.

• Games

  • Positech Games ☛ Inertia scaling in Democracy 4 (new feature) – Cliffski’s Blog

    So the big question is… how long does it take for politics and society to convert someone from being hard right to hard left, or liberal to conservative? I have no definitive answer, but its a long time. Democracy 4 limits all inertia to a maximum value of 32, for technical reasons, which is 8 years. probably not long enough…

• Desktop Environments/WMs

  • GNOME Desktop/GTK

    • This Week in GNOME ☛ #71 Increased Circle – This Week in GNOME

      Update on what happened across the GNOME project in the week from November 18 to November 25.

Distributions and Operating Systems

• Open Hardware/Modding

  • Tom’s Hardware ☛ Raspberry Pi Bird Cries When Users Leave Twitter | Tom’s Hardware

    Raspberry Pi makes for a great notification platforms as it can be easily integrated with many APIs. Maker and developer Dr David Pride saw a glowing opportunity and seized the chance to make this clever Twitter-based project he dubbed “Bye-Bye Bird”. This project keeps him up to date on when his friends are leaving the social media platform with a tearful notification system.

    Dr Pride laser cut a board to resemble Twitter’s bird logo. Behind this bird is a Raspberry Pi that listens for Tweets using the #RIPTwitter hashtag. If it detects a tweet using this farewell hashtag, it triggers a system that causes the bird to release a single tear using a syringe of water.

  • Engadget ☛ Critter – Guitari’s 201 Music Synthesizer is the long-awaited successor to its Pocket Piano | Engadget

    Like the Organelle, you can actually hack together your own patches for the 201 using Pure Data or Faust, but that’s more of a nice bonus than the main selling point here. Under the hood of the 201 is a 900Mhz ARM processor with 512MB RAM, which should be plenty for most synth patches, but it’s not quite as powerful as the Organelle M. The 201 also has a built-in speaker, a 1/4-inch stereo out jack, 1/8-inch MIDI in and out, USB-A for connecting MIDI controllers, and USB-C for accessing the files on the microSD card.

  • Tom’s Hardware ☛ Raspberry Pi Pauses Ad Blocking with Big Red Button | Tom’s Hardware

    Installing ad blockers on every machine has become somewhat of a standard for modern internet users. But makers in the Raspberry Pi community have found a way to stop them at the source with the advent of Pi-Hole. This is a system designed to stop advertisements at the DNS level on your network but what if you need to let them through for a little while? That’s where maker and developer Kris from Planet Kris comes in with his Pie Stop button project.

    To dig into this project, it helps to know how Pi-Hole works. Check out our guide on how to install Pi-Hole to get an idea of what the application does and how to set it up on the Pi. Unfortunately for Kris, Pi-Hole prevented critical access to important work-related websites. He didn’t want to remove the system so he opted to devise a way to temporarily disable Pi-Hole on his network.

  • SparkFun Electronics ☛ The NVIDIA Jetson Nano is Coming Back! – News – SparkFun Electronics

    If you’ve been following or trying to get your hands on the NVIDIA Jetson Nano, then you’re probably aware that global supply chain constraints and component shortages hit hard last year. Since then, we’ve received an impressive number of backorders for our Jetson Products. Well, we’re here to deliver good news for all of you that have been waiting: We have Jetson Nanos that will be trickling in, starting after Black Friday!

    If you have a current backorder, we will do our best to get it fulfilled as soon as we can. For those who are interested in a new Jetson Nano 4GB, backorders are now open! We will make effort to keep you up-to-date on forthcoming ETAs. You may also notice the price of the Nano and its associated kits have gone up – this is unfortunately a necessary consequence of global supply chain changes. We hope you understand.

  • Arduino ☛ Designing a 3D-printed EMG bionic hand as a low-cost alternative to prosthetic limbs | Arduino Blog

    The cost of a new prosthetic arm can range from several thousand dollars to tens of thousands, putting them out of reach for many people. Ahmad Ikram recognized this need and decided to design and build a far cheaper, open source version that has myoelectric capabilities.

    To begin this project, Ikram decided upon using the InMoov 3D-printed arm design from French sculptor Gael Langevin due to it being easy to construct. The hand itself contains a single wire connected to each finger, while the other end gets wrapped around a servo motor horn so that the finger can bend whenever the serv moves. A Myoware muscle sensor is responsible for reading the electrical signals generated by muscle contractions and converting them into a readable analog voltage, which is read by an Arduino Nano’s analog pin.

• Mobile Systems/Mobile Applications

  • SamMobile ☛ Why Samsung makes the only Android tablets worth buying – SamMobile

  • USB audio routing on Chromecast not working after Android 12

  • India Times ☛ Android Apps Ban: Google asks millions to delete these four Android apps now, read here – The Economic Times

  • 9to5Google ☛ The best audio gifts for Android users

  • Forbes ☛ Android Circuit: Galaxy S23 Upgrade, OnePlus Forever, Honor Magic Vs Launched

  • 9to5Google ☛ Every Google app with an Android tablet UI [U: Home, Search]

  • Vita3K Android release is just around the corner – Droid Gamers

Free, Libre, and Open Source Software

• Events

  • Daniel Pocock ☛ Violence, sexism, racist harassment and physical abuse at FOSDEM, DebConf, FrOSCon, Debian, OSI

    FOSDEM organization is getting under way and volunteers have already started receiving anonymous threats and insults. This is not unprecedented and it is no surprise.

    At FOSDEM itself, the former president of Open Source Initiative showed the infamous slide with a cat behind bars. The woman is not a developer. She does not have money to pay developers. People don’t consent to be in these experiments. Therefore, the picture implies some force is used to impose upon developers against our will. What she has illustrated here is a concentration camp. If she displayed this slide in Germany she could be prosecuted for glorifying the holocaust.

• Productivity Software/LibreOffice/Calligra

  • LibreOffice Base can connect to an external Firebird server

• Content Management Systems (CMS)

  • Extremely minimal blogging with WriteFreely: Dissociated Press

    WriteFreely is a “distraction free” blogging platform that people can follow on Mastodon, Pleroma or other ActivityPub services.

    It’s written in Go, and consists of a single binary that you can run alone or with a MySQL backend. (Uses SQLite if you don’t opt for MySQL, which is probably just fine for a single-user setup.)

    If you just want to test it out, you can set it up and start playing with it in just a few minutes. I slapped the binary on a test server and spun it up in single user configuration in less than five minutes.

    Configuring for multiple users and blogs might be a bit more complicated, but I suspect you could set up an instance for multiple users and all the trimmings (like encryption with Let’s Encrypt and OAuth for authentication), in a few hours if you’ve got experience with such things already. A little longer if you’re new to system administration.

    You can also opt to sign up for an inexpensive WriteFreely account or even multi-user hosting with your own domain.

• Programming/Development

  • Jussi Pakkanen ☛ Nibble Stew: Experimenting on how to add CMYK and color management to Cairo

    Cairo is an amazing piece of tech that powers a lot of stuff, like all of GTK. Unfortunately it is not without its problems. The biggest one being that it was designed almost 20 years ago with the main use case of dealing with “good old” 8 bit uncalibrated RGB images. There has been a lot of interest in adding native support for things like CMYK documents, linear RGB, color calibration, wide gamuts and all of that good stuff. Sadly it has not come to be.

    The reasons are mostly the same as always. The project is sadly understaffed and there does not seem to be a corporate sponsor to really drive the development forward. What makes things extra difficult is that Cairo supports a lot of different platforms like Postscript, Win32, Quartz and SVG. So if someone wants to add new features in Cairo, not only do they need to understand how color math works and how to do C, they would also need to handle all the various backends. That is a rare combination of skills. In any case the patchset needed to make all that happen would be enormous and thus hard to get reviewed and merged.

  • Earthly ☛ An Ultimate Guide to Kubernetes Role-Based Access Control – Earthly Blog

    Kubernetes has many resources and components that must be kept out of reach of certain users and service accounts. Resources such as secrets have to be encrypted and have strict access. If everyone in a company who has access to the cluster is given limitless power when using the cluster; this is dangerous because Kubernetes secrets and keys can be stolen and used inappropriately. Mostly, anyone can change the cluster’s configurations, and it will be hard to know who made changes in case of vulnerability detection.

  • Carlos Becker ☛ GoReleaser v1 — one year later

    Since v1.0.0, we continue making steady progress towards making it easier to release increasingly more complex projects, with increasingly more integrations, and with good defaults — especially regarding security and supply chain, thanks to our friends at Sigstore and Anchore.

  • Always use [closed, open) intervals. A programmer’s perspective

    Intervals or ranges pop-up everywhere in the programming world. The classic example is picking a start and end date, like you would when booking an AirBnB or a flight. But that’s just one example: from slicing a JS Array, to Java’s List#sublist and even SQL’s LIMIT operator, ranges are everywhere.

    Have you ever wondered why they are always implemented as [closed, open) as opposed to [closed, closed]?

  • Ignore RuboCop changes in Git Blame

    Have you ever run git blame, looked at the commit for a line, and seen some big refactoring or formatting commit? It’s so frustrating not to be able to find the useful context on changes when this happens. When adding StandardRB or RuboCop, or when making changes to your .rubocop.yml configuration, you’ll probably end up with a large commit like this that doesn’t include valuable context when spelunking history.

  • SusamPal ☛ C Quines – Susam Pal

    A quine is a computer program that produces an exact copy of its own source code as its output. It must not consume any input, so tricks involving reading its own source code and printing it are not permitted.

  • Perl / Raku

    • Eagle’s Path: podlators 5.00 (2022-11-25)

      podlators is my collection of POD formatting modules, which generate *roff or text (possibly with escape sequence markup) from the documentation format used by Perl and some other packages.

      This is a major release, the biggest since the Pod::Simple rewrite in 2005. The headline news is that after some fairly extensive investigation, this release of Pod::Man finally changes the default output format to Unicode. No more replacement of characters in people’s names, or text in non-English languages, with ugly X characters! There is a new encoding option to set the output encoding, and new options groff (which uses the groff extension for Unicode code points and is the default on EBCDIC systmes) and roff (which does the old, broken X substitution).

      Since this was a major backward-incompatible change, I also finally removed most of the formatting touch-ups that Pod::Man tried to do for troff output but which would be invisible for the (by far more commonly used) nroff output. These have been an endless source of bugs and are very difficult to maintain, most of them were of marginal utility, and I am dubious many people are using troff to print Perl manual pages these days instead of, say, printing the rendered output from one of the many excellent POD to HTML modules.

    • Perl ☛ This Week in PSC (088) | Perl Steering Council [blogs.perl.org]

      A smaller-than-usual meeting because of the US Holiday; only Paul and Philippe today.

• Standards/Consortia

  • Tom MacWright ☛ Web technology optimism hour

    It’s too easy lately to get into a very pessimistic mood about technology. Between the developer energy wasted on crypto, which has produced negative real-world value, the wider downturn in tech stocks, and the often-antagonistic interactions between developers on Twitter and elsewhere, the vibes can be bad.

    [...]

    In the two and a half years since I wrote second-guessing the modern web, framework developers have been chipping away at those problems.

    Both Remix, which went from a paid-product indie startup to a VC-backed startup to an acquisition by Shopify, and Next have rolled out techniques to render more of the application on the backend. Next uses React Server Rendering, a very confusing but promising technology. Remix is pushing people to use patterns with React that can work without client-side JavaScript, in a way that mirrors some of the techniques from Ruby on Rails, like “progressively enhancing” form submissions to use AJAX instead of full-page refreshes.

Leftovers

• Taking the 100 Days to Offload challenge · 🤠 Major Hayden

  While scrolling through toots in my Mastodon account recently, I stumbled upon the #100DaysToOffload hashtag. That led me to the 100 Days To Offload challenge.
  The challenge looks very straightforward: write 100 posts within one year on your blog. There’s no prize involved other than being able to share your ideas with others.
  However, one problem stands in my way: I’m suffering from some serious writer’s block.

• Liliputing ☛ Lilbits: Run Palm Pilot apps in your browser with the Internet Archive’s emulator – Liliputing

  The Internet Archive manages to keep internet history alive by offering backups of millions of web pages and other content, including many pages that are no longer available in their original forms.

  But the Internet Archive is also an online library that offers access to plenty of other content, including music, videos, and (somewhat controversially) eBooks. You can also find old computer games… and now you can relive your earlier professional career by running Palm Pilot apps (and games) in a browser.

• Proprietary

  • Vermaden ☛ SAP Copy Paste with Mouse Buttons | 𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗

    For some unknown reason for me – some genius at SAP decided – that to copy a record/field from their SAP interface – you need to first press [CTRL]+[Y] keys and then [CTRL]+[C]. Do not ask me where is logic in that.

• Security

  • LWN ☛ Security updates for Friday [LWN.net]

    Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff).

  • Top 8 Free Tools for security testing and audit of your Kubernetes cluster in 2022

    Docker is a technology for containerization, while Kubernetes is a tool for orchestrating container deployments. In the subsequent subsections, we will discuss a variety of open-source tools that really are useful for securing Kubernetes clusters. These open source tools involve code snippets that will help with static scanning of Docker images, security auditing, hardening Kubernetes clusters, and incorporating runtime security. Some of the most popular Kubernetes clusters managed by cloud providers include AWS EKS, Azure AKS, and Google CKE. The following is a list of open source tools that may be used to do security scans and that can be incorporated into your CI/CD pipeline in order to analyze images while your apps are being built:

  • Introduction to MITRE ATT-CK – Featuring Version 12 (2022)

    Have you ever wondered how to create a prioritized list of threat actors? Or identify what malicious tactics and techniques are most relevant? Or what security controls should be improved first? The MITRE ATT&CK Framework can help. Version 12 has just been released and this blog will help you understand what the Framework is and what’s new.

  • Data Swamp ☛ Solene’% : Hard user separation with two NixOS as one

    This blog post is a republication of the article I published on my employer’s blog under CC BY 4.0. I’m grateful to be allowed to publish NixOS related content there, but also to be able to reuse it here!

  • Privacy/Surveillance

    • Stacey on IoT ☛ Podcast: Alexa’s drama and our holiday gift guide

      The biggest news in the internet of things this week was the staggering story about Amazon’s Alexa business being responsible for the majority of an estimated $10 billion loss in the year ahead. So Kevin and I discuss what Amazon pulling back on Alexa might look like and what it means for voice and the smart home. Then we talk about how a newly available Amazon device signals Amazon’s problem and the potential solutions to that problem. After talking about voice, we take a look at a new controller from Aqara that uses gestures and share our thoughts about the form factor. After all our user interaction talk, we then cover some news, such as the FIDO Alliance planning to work on security and authentication issues for the IoT, Google’s plans for aggregating fitness data, and a new dev kit from T-Mobile. We also talk about new devices from Wyze and Firewalla. Finally, we answer a listener’s question about connecting LED fairy lights. Then it’s time to talk about the holidays.

    • Stacey on IoT ☛ IoT news of the week for Nov. 18, 2022 – Stacey on IoT | Internet of Things news and analysis

      If you want a chance to opine on the Federal Trade Commission’s advance notice of proposed rulemaking (ANPR) on commercial surveillance and data security, then sharpen your pencils, because Monday is the deadline for comments.

      [...]

      They signal the direction the agency is leaning and ask for comments. In the case of surveillance tech, the FTC is asking how companies surveil customers, what harms may accrue from that surveillance, how aware consumers are when it comes to that surveillance, and more. Go read the document to get a sense of how important this issue is today and how important it will continue to be going forward.

• Environment

  • Wildlife/Nature

    • The Ancient Japanese Technique That Produces Lumber Without Cutting Tr | DSF Antique Jewelry

      Daisugi is an ancient Japanese forestry technique in which planted cedars are pruned in a special way to produce “shoots” that eventually become perfect, straight, knot-free lumber.

      This is an ancient method, developed in the 14th century, which was originally used by people living in the Kitayama region of Japan because saplings were lacking.

      The terrain in the region is very mountainous, and the steep slopes make planting and caring for trees very difficult, so arborists used the daisugi technique not only to reduce the number of plantations but also to produce denser wood in a much shorter time.

• Finance

  • Grayscale Bitcoin Trust suffers due to FTX collapse and doubts over reserves

    Grayscale Bitcoin Trust (GBTC), the largest publicly traded crypto fund, hit record lows in the wake of the FTX collapse. The fund was trading at nearly a 50% discount on the underlying Bitcoin asset, as holders rushed to sell off their GBTC holdings.

    This was not helped by Grayscale’s response to those in crypto who were pushing Grayscale to follow suit with some other crypto platforms and publish proof of reserves. Grayscale announced that “due to security concerns, we do not make such on-chain wallet information and confirmation information publicly available through a cryptographic Proof-of-Reserve, or other advanced cryptographic accounting procedure”. They did not elaborate on what these “security concerns” might be, and stoked fears in some that the company might not have the backing they ought to have.

  • CoryDoctorow ☛ Citizens United and the FTX meltdown

    The collapse of the FTX cryptocurrency exchange and its affiliated businesses has left a million creditors holding the bag for a chaotically managed, corrupt enterprise that created vast personal fortunes for the conspirators who ran it, even as it stole the life’s savings of retail investors who bought into its lies.

    Could the unsuspecting public have been shielded from the FTX Ponzi scheme? Hindsight is 20/20, but there’s good reason to believe that FTX could have been brought down in a controlled glide, rather than a nose-first crash landing and ensuing fireball.

• Digital Restrictions (DRM)

  • Stacey on IoT ☛ Sonos eyes hardware subscriptions to broaden customer base

    “This isn’t a very compelling subscription service,” Tzuo wrote, adding that he would have preferred that the company include additional service features on top of device rentals. As he put it, “Automatic equipment upgrades just don’t cut it anymore.”

  • [Repeat] CoryDoctorow ☛ Even if you’re paying for the product, you’re still the product

    There’s something oddly comforting about the idea that “if you’re not paying for the product, you’re the product,” namely, the corollary: “If you can afford to pay for a product, you won’t be the product.” But it’s bullshit. Companies don’t make you the product because you don’t pay – they make you the product because you can’t stop them.

    The theory behind “if you’re not paying for the product…” is that old economist’s saw: “incentives matter.” Companies that monetize attention are incentivized to manipulate and spy on you, while companies that you pay just want to make you happy.

    This is a theory of corporate behavior grounded in economics, not power, a creature of theory and doctrine that never bothers to check in with the real world to see how that theory and doctrine map to actual events. Reality is a lot uglier.

  • FSFE ☛ The universal right to install any software on any device

Gemini* and Gopher

• Technical

  • Finished

    Batteries are finally in. I ended up going a different route to the one planned in my last post; it turns out that it’s actually quite hard to get an AC-coupled battery system that permits the solar PV to keep running when the grid is down. I found an article describing four different “levels” of grid independence; actually getting someone to fit, say, “Manual Whole House Backup” is just… difficult.

  • Internet/Gemini

    • Re: What I like and dislike about Gemini

      Its all the parts of SmallWeb that makes it so easy to consume. Especially when you’re viewing from a mobile device. Everyone has the same experience.

  • Programming

    • `BIOMASS::getWoodDensity()` description

      I looked through the code for the getWoodDensity() function from the {BIOMASS} R package[1], to get a better idea of how it estimates tree wood density.

    • Woes of python module system

      We all love that for every ugly problem in the world there is Python module that mostly solves it, but lets talk about details of module system. What exactly happens when Python executes “import foo.bar.baz”? As you can guess, answer is much more complicated than “find foo/bar/baz.py under some directory in sys.path and load it, if it wasn’t loaded already”.