The OSMC team would like to wish you a Merry Christmas. We hope you're enjoying the festive break and watching lots of TV with OSMC.
We're readying a small update to keep things running smoothly and will release this in the next few days with Kodi v19.5. We are already working hard on the impending Kodi v20 release.
In this video I cover the latest information about the lastpass data breach.
It seems like we can't go more than a few weeks without Manjaro giving me something fun to talk about and being used as a counter example of what should be done with a distro and GNOME is no exception
Intel open-source engineers are working hard on developing a new graphics driver to replace the twenty-year-old i915 driver.
Intel open-source i915 graphics driver to be replaced with new, Xe-based graphics kernel for better optimization and broader adoption in previous architectures
The i915 graphics driver was initially introduced during the 915G Northbridge chipset generation. Now, developers are looking into updating the i915 graphics kernel with a Xe-based kernel graphics driver that will help support integrated and discrete Intel graphics cards with an estimated launch as quickly as next year.
Unlike traditional Linux terminal emulators, Terminator lets you run as many terminal sessions as you want, all at the same time.
Terminator is a terminal emulator that lets you work on multiple terminal sessions in a single window. It is a handy tool for system administrators and other users who deal with configurations and management of multiple systems.
In Terminator, you can split, switch and arrange terminals in a grid, create tabs, rename terminal sessions, configure key bindings, and much more. The best part about Terminator is that it lets you send your input to multiple terminal sessions simultaneously.
Let’s see how to install and use Terminator to run multiple terminals in one window.
An electronic book (commonly abbreviated e-book) is a text and image-based publication which can be read on a computer or other digital devices such as an e-book reader.
The rise of multimedia digital downloads in recent years has been truly extraordinary. The impact has been so great in respect of digital music downloads. Digital music accounted for half of the all the revenue generated by the music industry in 2016 and amounted to a total of 7.8 billion U.S. dollars that year. Over the years, many music labels stopped releasing singles on a physical format. We do not foresee that major book publishing companies will abandon paperbacks. However, the expansion of digital downloads equally applies to books. The biggest booksellers have reported that they sell more digital books than paperbacks.
Digital books are well established. Project Gutenberg, an online library of books that can be downloaded free of charge, has been expanding its collection since 1971. Almost its entire library consists of books that are available in the public domain, although there are a few copyright texts which are also included.
This brief tutorial explains how to find the size of a directory in Linux operating systems. Finding the size of files and directories in graphical mode is very easy! All we have to do is just right click on the file or directory, and choose the properties option from the context menu. However, it is equally important to know how to check directory size from CLI mode as well.
ProFTPD is a feature-rich FTP daemon for Linux and Unix-based OSes. Here's how you can set it up on Ubuntu.
File Transfer Protocol (FTP) is a popular lightweight protocol used to transfer files over a network. Although it is an efficient mechanism for the transmission of data, there is one drawback to it: the data is transmitted and received in plain text. This means the data transfer is unencrypted, and it can be compromised.
Modern FTP servers such as ProFTPD allow support for SSL/TLS. This makes the file transfer between the two systems not only efficient but also safe by adding a security element. Let’s explore how to install and set up ProFTPD with TLS on Ubuntu 22.04.
In this tutorial, we will show you how to install Mono on Ubuntu 22.04 LTS. For those of you who didn’t know, Mono is an open-source project that was developed by Xamarin (now owned by Microsoft) to provide a .NET framework-compatible set of tools for Linux, macOS, and other platforms. It allows developers to build and run .NET applications on non-Windows platforms. This includes support for .NET libraries and frameworks, such as ASP.NET and WPF.
This article explains how to install and configure Tomcat 10 on Ubuntu 22.04.
Just before Christmas, Valve and their partners have crossed a new milestone with 7000 games (Verified and Playable) on the Steam Deck!
DDNet ran the Advent of DDNet 2022 for the first time this year. The event just ended and the results are out! I hope everyone had fun playing these maps, got to see new parts of DDNet and met new people in the community.
This was a spontaneous idea by heinrich5991, which we started implementing in the evening before December 1. Huge thanks to our testing co-leader Pipou for modifying maps for the event! Thanks to Patiga for the map scaling, mirroring, and rotating tools, thanks to louis and nothing for helping with picking maps!
After months of hard work, the Manjaro Linux team announced today the release of Manjaro Linux 22.0 “Sikaris” as the latest version of this widespread Arch Linux-based distribution for the masses bringing some of the most exciting GNU/Linux and Open Source software.
Coming six months after the Manjaro Linux 21.3 “Ruah” release, Manjaro Linux 22.0 “Sikaris” is powered by the just-released Linux 6.1 kernel series for the best possible hardware support at the moment of writing and features the amazing Xfce 4.18 desktop environment for its flagship edition. This probably makes Manjaro Linux the first stable distro release to ship with both Linux 6.1 and Xfce 4.18.
The KDE Plasma and GNOME editions received the latest KDE Plasma 5.26.4 desktop environment update, which is accompanied by the recently released KDE Frameworks 5.101 and KDE Gear 22.12 software suites for the best Plasma desktop experience possible, as well as the latest GNOME 43.2 desktop environment update, which looks gorgeous with its dark theme and a dock at the bottom of the screen.
As part of what has become an annual holiday tradition, several YouTube makers coordinated their efforts this year for a Secret Santa exchange. Returning participant James Bruton drew Emily the Engineer and found inspiration for his gift from an automatic boxing glove that she built. Taking that idea and running with it, he created a pair of Rock ‘Em Sock ‘Em Robots that can drive around and compete in real-life bouts.
The two 3D-printed robots, which are obviously red and blue, roam around on two driven wheels and punch with massive fists. That fists attach magnetically to automatic reciprocating punching mechanisms very similar to the one Emily the Engineer designed. If one robot pilot is able to punch the fist off of the opposing robot, they win the round. To kick off another round, all the players have to do is snap the fist back onto the magnetic mount.
Let's talk about how to develop an open sourcerer mindset.
Very much like any other open source developer who has a great passion, I have been dreaming about doing open source full-time to make a living.
Google Chrome is a popular web browser that is widely used for accessing the internet. It is known for its fast performance, security features, and support for a wide range of web technologies. If you want to use Google Chrome on your Ubuntu or Debian system, you can install it using the steps described in this article.
There are two methods for installing Google Chrome on Ubuntu and Debian: using the official Google Chrome repository and downloading the Debian package from the Google Chrome website. In this article, we will cover both methods.
The Dev channel is being updated to OS version: 15278.0.0, Browser version: 110.0.5464.0 for most ChromeOS devices.
The Beta channel is being updated to 109.0.5414.41 (Platform version: 15236.35.0) for most ChromeOS devices. This build contains a number of bug fixes and security updates.
LTS-102 is being updated in the LTS channel to 102.0.5005.193 (Platform Version: 14695.166.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.
The dev channel has been updated to 110.0.5478.4 for Windows, Linux and 110.0.5478.5 for Mac.
We've just released Chrome Dev 110 (110.0.5476.3) for Android. It's now available on Google Play.
You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.
The Beta channel has been updated to 109.0.5414.46 for Windows, Mac and Linux.
The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
Pgpool-II is a tool to add useful features to PostgreSQL, including:
- connection pooling - load balancing - automatic failover and more.
The CloudNativePG Community has released a new update for the supported 1.18, 1.17 and 1.16 versions of the CloudNativePG Operator.
Last week, OpenAI released version 2 of an updated neural net called Whisper that approaches human level robustness and accuracy on speech recognition. You can now directly call from R a C/C++ inference engine which allow you to transcribe .wav audio files.
Given binary data, we often need to encode it as ASCII text. Email and much of the web effectively works in this manner.
A popular format for this purpose is base64. With Muà âa, we showed that we could achieve excellent speed using vector instructions on commodity processors (2018, 2020). However, base64 is a bit tricky.
A much simpler format is just base16. E.g., you just transcribe each byte into two bytes representing the value in hexadecimal notation. Thus the byte value 1 becomes the two bytes ’01’. The byte value 255 becomes ‘FF’, and so forth. In other words, you use one byte (or one character) per ‘nibble’: a byte is made of two nibbles: the most-significant 4 bits and the least-significant 4 bits.
This is a refreshed & expanded copy of a very old page I hosted outside of this blog. I recently ran into “silent NaNs” again, and thought it might be a good idea to republish this advice here.
The 10th edition of the ROS-Industrial Conference took place on December 15-16, 2022 in Stuttgart, Germany and remotely. During the conference, 55 participants present in Stuttgart and an online audience of more than 200 people attended 17 talks in six sessions. The goal of the conference was to show and discuss what currently is possible in the ROS2 ecosystem when it comes to industrial applications.
This October I was fortunate enough to attend ROSCon with fellow colleagues Jerry Tower and Michael Ripperger in beautiful Kyoto, Japan. By luck, it just so happened that the month-long trip I booked to Japan one year ago lined up with Japan's borders opening and the conference's location and dates. Now that I'm back in America and have my work and personal business back in order, I'd like to share with you my ROSCon 2022 experience.
With an attendance of approximately 800 ROS developers ranging from absolute beginners to seasoned industry and academia experts, there was something for everyone at ROSCon. The panels were particularly useful to better understand the current state of ROS, ROS2, future plans, and concerns of the community. I found the presentations about integrating CANopen with ROS 2 in addition to the development work on a ROS 2 simulator with the Unreal Engine 4 interesting as well.
The line of death, as Eric Lawrence explained in a classic blog post, is the idea that an application should separate trustworthy UI from untrusted content. The typical example is in a web browser, where untrustworthy web content appears below the browser toolbar UI. Trustworthy content provided by the web browser must appear either in the browser toolbar, or anchored to it or overlapping it. If this separation is maintained, then untrusted content can’t spoof the trustworthy browser UI to trick or attack the user.
Though the line of death has been an axiom of browser security for years, it’s losing relevance in modern browsers, and fortunately being replaced by more effective patterns for some attacks.
The line of death principle is a bit antiquated. First of all, I’m not aware of any research to support that it’s effective. In fact I’m not aware of much research about it at all. There’s plenty of research and practical experience to show that phishing is effective, picture-in-picture attacks are effective, and security indicators in the URL bar are misunderstood. There’s also some research on operating system equivalents to the line of death (thanks to Stuart Schechter for the pointer). But I’m not aware of any research that focuses on the line of death concept in browsers specifically. For example, I’d like to see a study looking at whether users perceive a dialog anchored to the browser toolbar differently than an identical dialog shown by web content. (Please send me pointers!) In the absence of usability studies, my intuition is that the line of death is simply a foreign, incomprehensible idea to many, many browser users.
The R Consortium caught up with Elio Campitelli, organizer of the R en Buenos Aires Group in Buenos Aires, Argentina, to talk about their experience leading a group with almost 1,000 members. Elio discusses their early exposure to programming, the group’s special interest in R and social sciences, and plans on building a compiled list of Latin American R packages in 2023.
This is the second post of the series “Hillshade, colors and marginal plots with tidyterra”. In this post I would explore an approach for annotating marginal plots to a ggplot2 map of a SpatRaster, including information of the values by longitude and latitude. See the first post of the series here.
We have recently started building HTML reference manuals for each package in the R-universe! For packages that have had an update in the past 3 weeks, the reference manual is now linked from the package homepage on R-universe.dev. All packages in the R-universe are rebuilt at least once per month, so soon all packages should have an online HTML manual. You can also find reference manuals for base-R packages.
This blog post aims to give a brief introduction to R7, a new R package for OOP in R. It’s not a tutorial on how to write code using R7 - the documentation provides great instructions for getting started if you’re already ready to start programming in R7.
I’ve been seeing a lot of hot takes on if one should do data science in R or in Python. I’ll comment generally on the topic, and then add my own myopic gear-head micro benchmark.
I’ll jump in: If learning the language is the big step: then you are a beginner in the data science field. So the right choice is: work with others and use the tools they are most able to teach you.
After that there are other considerations: what/who are you working with or integrating with. If you are working with statisticians, likely they will want R. If you are working with software engineers, likely they will want Python. If you are actually adding value in terms of translating business needs, picking machine learning models, methods for organizing data, designing experiments, controlling for bias, reducing variance: then programming is the least of your worries.
In a year as eventful as 2022 was in the real world, it is a good idea to look back to see what one might have missed while life was messing with your (Raku) plans.
Rakudo saw about 1500 commits this year, about the same as the year before that. Many of these were bug fixes and performance improvements, which you would normally not notice. But there were also commits that actually added features to the Raku Programming Language. So it feels like a good idea to actually mention those more in depth.
So here goes! Unless otherwise noted, all of these changes are in language level 6.d, and available thanks to several Rakudo compiler releases during 2022.
Svilen Rangelov sports an impressive beard. It's eight years' worth of growth he says. The beard dates back to when he and his younger brother, an aerospace engineer by training, formed Dronamics as Europe's answer to the emerging market for cargo drones. He agreed with his brother Konstantin that they would shave their beards only after the first flight of the drone they've been building in their native Bulgaria. At the time he established Dronamics big tech giants like Amazon were experimenting with drone deliveries to domestic addresses. But Mr Rangelov never believed in the concept of personal goods delivered by the drone. The practical difficulties of flying a drone right up to someone's front door were obvious to Mr Rangelov. "We couldn't buy into the concept of small drones. We took a different approach."
Why do we give our passwords to third parties when we have built-in password management?
A few days ago LastPass admitted that unknown attackers copied their “vault data.” It certainly doesn’t help that LastPass failed to clarify which parts of the vaults are encrypted and which are not. LastPass support adds to the confusion by stating that password notes aren’t encrypted which I’m quite certain is wrong.
In fact, it’s pretty easy to view your own LastPass data. And it shows that barely anything changed since I wrote about their “encrypted vault” myth four years go. Passwords, account and user names, as well as password notes are encrypted. Everything else: not so much. Page addresses are merely hex-encoded and various metadata fields are just plain text.
[...]
As I’ve already established in the previous article, decrypting LastPass data is possible but expensive. Nobody will do that for all the millions of LastPass accounts.
But the unencrypted metadata allows prioritizing. Someone with access to admin.bigcorp.com? And this account has also been updated recently? Clearly someone who is worth the effort.
And it’s not only that. Merely knowing who has the account where exposes users to phishing attacks for example. The attackers now know exactly who has an account with a particular bank, so they can send them phishing emails for that exact bank.
The goal is to move away from initrd images being generated on the installed machine. They are generated while building the kernel package instead, then shipped as part of a unified kernel image. A unified kernel image is an all-in-one efi binary containing kernel, initrd, cmdline and signature....
In 2015, a teenage boy stumbled across a strange metal object while playing football. Lisoka Lesasuyan, 13, had unwittingly found a mortar fuze.
“It exploded in his hands,” his father Lawan tells me as we sit on the outskirts of Dol Dol, a dust swept settlement three hours drive down dirt roads from a UK military barracks in Kenya. “After the blast, the British army came and took the debris and gave him first aid.”
Lisoka is perched nervously next to his dad, wearing a white shawl to disguise his injuries.
The damage was so severe that Lisoka lost both arms below the elbow. His right eye was gouged out by shrapnel, and his chest covered in burns.
I’ve written about Lisoka’s story several times before, but it’s the first time we’ve met. He was keen to see me and got up at 3am to start walking towards Dol Dol. Apparently it’s too dangerous for foreigners to visit his village without armed security.
There’s a severe drought in northern Kenya – some areas haven’t had rain for two years. People are starving and some resort to shooting passing cars to steal water. It’s an incredibly difficult environment for anyone to live in, let alone a double amputee.
"The AUKUS nuclear submarine project will bleed the Australian Defence Force white", on top of the billions in annual Defence spending waste, reports Rex Patrick.
The internet is, in many ways, built on fraudulent measurement. Measuring article and video views keep the wheels of online advertising spinning, while counting likes, faves, etc, constitute an insidious drip of “engagement” that has us all opening apps when we should know better. But some metrics are stupider than others, and Twitter’s new public view count for tweets is definitely one of them.
[...]
This disparity between view counts, likes, and retweets is already being highlighted by users. “the view count is genuinely about to ruin mutuals cause if i ask a question and no one replies but that shit got 50 views im killing everyone and myself,” tweeted user @eternalcurse, dispassionately. “this ‘view count’ thing is the dumbest feature in twitter history. hey here’s the number of people who saw your tweet and completely ignored it. does that make you feel good is that useful to you,” observed @capybaroness.
[...]
Twitter is big, open, and ever-flowing. These qualities offer a freedom similar to the anonymity of the city. At its best, it means you can just watch life flow by on the timeline and just... say whatever comes into your brain. And as others have noted before now, the site becomes truly horrible when you reach a certain level of fame, either through a single viral tweet or a gauche and sustained commitment to gaining followers. That’s when the hordes arrive at your door, eager to misinterpret you in whatever way they can. But when it’s just you and a few mutuals tweeting into the void it is — dare I say it — quite fun.
All of this helps explain why public view counts are such a bad idea. They’re bad because they turn every tweet into an event. Counting views create potential for failure, comparison, scrutiny, and analysis. Instead of tweeting into the void, it encourages us all to become brand managers of our own life (as if the pressure to do so wasn’t already there); engagement hustlers trying to strike it lucky with our next #THREAD and summaries of financial advice and impending technological revolution. Indeed, it’s perhaps no coincidence that public tweet views encourage us to become exactly the sort of people who seem to actively enjoy Elon Musk’s new Twitter; one where you can pay for priority. In short, adding view counts will do to Twitter what they have already done to YouTube.
In the lead up to, during, and following the 2022 U.S. midterm elections, Mandiant identified information operations activity from various foreign state-aligned campaigns, including those we assessed to be operating in the interests of Russia, the People’s Republic of China (PRC), and Iran. U.S. midterm elections present a more diffuse set of potential targets than a presidential election, and we observed information operations employing narrative strategies shaped by this dynamic (Figure 1). These operations differ in various ways; however, we note that they all appeared to be somewhat limited in the level of effort dedicated to election-related messaging and/or in potential reach to mainstream audiences based on observed activity, though we note that such operations’ impact is difficult to measure. While the activity identified in this report does not represent a comprehensive accounting of information operations targeting the midterms, we note some broad observations based on newly identified and previously reported operations contextualized within the wider view of relevant information operations activity observed throughout this elections cycle...
No matter how hard conservative culture-war cannon-fodder love big business, it will never love them back. Take network policy, where rural turkeys in Red State America keep on voting for Christmas, then profess outrage when Old Farmer Comcast gets to sharpening his ax.
For two years, the FCC has been hamstrung because MAGA Senators refuse to confirm Gigi Sohn, leaving the Commission with only four commissioners. What do the GOP have against Sohn? Well, to hear them tell of it, she's some kind of radical Marxist who will undermine free enterprise and replace the internet with tin cans and string.
The reality is that Sohn favors policies that will specifically and substantially benefit the rural Americans whose senators who refuse to confirm her. For example, Sohn favors municipal fiber provision, which low-information conservatives have been trained to reflexively reject: "Get your government out of my internet!"
Boy, are they ever wrong. The private sector sucks at providing network connectivity, especially in rural places. The cable companies and phone companies have divided up the USA like the Pope dividing up the "New World," setting out exclusive, non-competing territories that get worse service than anyone else in the wealthy world. Americans pay some of the highest prices for the lowest speeds of any OECD nation.
What struck me is how awful the radio is! Regardless of your views of current music, everything from the advertisements to the DJs themselves were obnoxious. Was it always this grim, or have I become desensitised?
But for the real observation here: at least half of the songs we heard were remakes! In a one hour sitting we heard rebaked Eiffel 65, Mark Morrison, Elton John, and Fleetwood Mac. They introduced new lyrics, recycled hooks, or only went as far as adding new backing drum loops.
Today’s post starts with the most-read posts, which have a strong Bill C-11 emphasis alongside posts on Bill C-18, online harms, and the Rogers outage during the summer.
This week’s Law Bytes podcast features a look at the year in review along with some guesses at what lies ahead. Yesterday I highlighted the top ten posts on this site and the series of looking back wraps up today with the most streamed or downloaded Law Bytes podcast episodes of the year. Bill C-11 once again leads the way, though there are episodes on privacy, security, Bill C-18, the invocation of the Emergencies Act, and copyright.
It’s easy to get in trouble when we assume that the other person will understand (or be able to deduce) what we feel. Most people love hearing things explicitly and clearly.
There’s a scene early on in Howl's Moving Castle where Howl gets his hair messed up and his potion collection engarbled and Sophie, who is responsible for the mess, says “What a pretty color” and “Come on, it’s not that bad. You should look at it now, this shade is even better” in order to comfort him.
It’s maybe not the best example since she’s lived through worse on her own, and she used similar thoughts as a coping mechanism, telling herself “You’re still in good shape, and your clothes finally suit you”.
After a brief pause in sound playback, my speakers make a popping sound. My operating system is Manjaro Linux 22.0 "Sikaris".
I believe the underlying cause is that the PulseAudio service puts my audio hardware to sleep.
In principle, I would like to increase the timeout so that my sound card stays powered for longer periods after playing a sound.
Unfortunately, I only found instructions for disabling the suspend-on-idle module. I searched for information on timeouts, but I only found information relating to PipeWire. I don't believe the PipeWire instructions apply to me.
I have been participating in an annual work-internal project contest (we call it Pet Project contest) since I moved to London and switched jobs to my current employer. I am very happy to say that I won a "silver" prize last week here ðŸŽâ . Over the last couple of years I have been a finalist in this contest six times and won some kind of prize five times. Some of my projects were also released as open source software. One had a magazine article published, and for another one I wrote an article on my employer's engineering blog. If you have followed all my posts on this blog (the one you are currently reading), then you have probably figured out what these projects were:
As a regular participant in the annual Pet Project competition at work, I always try to find a project where I can learn something new. In this post, I would like to share my takeaways after revisiting Java.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.