Bonum Certa Men Certa

Links 07/01/2023: Gajim 1.6.0 and Many Security Incidents



  • GNU/Linux

    • Desktop/Laptop

      • TalospaceYour X Server May No Longer Swing Both Ways By Default

        A new change to Xorg will now prohibit automatic byteswapping in the X server by default. A client connecting to a server that advertises a different endianness will be kicked off with an error. If you want this support, you'll either need to pass +byteswappedclients on the command line to the X server, or put "AllowByteSwappedClients" "on" in the Options stanza in your xorg.conf. This is also a change request for Fedora 38 which of this writing is still proposed and not accepted.

      • QtCompiling QML to C++: A 4x speedup

        However, today I'll go out on a limb and show you a piece of code that gets 4 times faster by compiling it to C++. Consider the following little QML program: [...]

    • Kernel Space

      • 9to5LinuxUbuntu Users Get Massive Kernel Security Updates, More Than 20 Vulnerabilities Patched

        The new kernel security updates are available for Ubuntu 22.10 (Kinetic Kudu), Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as Ubuntu 16.04 and Ubuntu 14.04 ESM (Extended Security Maintenance) releases.

        The most critical security vulnerability patched in these massive Ubuntu kernel updates is CVE-2022-2663, a flaw discovered by David Leadbeater in the netfilter IRC protocol tracking implementation that could allow a remote attacker to cause a denial of service or bypass firewall filtering. This affects all Ubuntu flavors except for Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15.

      • SyncactivEscaping from bhyve

        Back in 2017, I wrote a paper in Phrack magazine about a VM escape in Qemu. The vulnerabilities were present in two network card device emulators: RTL8139 and PCNET. After the publication of Reno Robert's paper on the same Phrack issue about a couple of VM escape in bhyve, I decided to audit the code of the available network device emulators.

        The bug in the AMD PCNET emulator is related to a checksum inserted beyond the limit of the allocated buffer. I found a similar bug in the PCI E82545 emulator where the UDP packet checksum is inserted at a controlled index. In the following, I will present how I turned a two-bytes stack-based overflow into code execution.

    • Applications

      • Gajim 1.6.0 - Gajim

        For Gajim 1.6.0 we ported Gajim’s and python-nbxmpp’s underlying HTTP library to libsoup3. Also, audio previews now look nicer and allow for more control (playback speed, jumping). We fixed emoji rendering on MacOS and we implemented many fixes under the hood. Thank you for all your contributions!

    • Instructionals/Technical

      • ID RootHow To Install CPU-X on Ubuntu 22.04 LTS - idroot

        In this tutorial, we will show you how to install CPU-X on Ubuntu 22.04 LTS. For those of you who didn’t know, CPU-X is a free and open-source utility for Linux and other Unix-like operating systems that displays information about the system’s CPU (Central Processing Unit) and other hardware components. It is similar to the “lscpu” And “lshw” command-line utilities, but it provides a graphical interface that is easier to use for most users. Some of the information that CPU-X displays includes:

      • Manuel MatuzovicDay 75: font palettes

        Apparently, multicolored typefaces on the web are a thing. You can use and modify them in CSS.

      • University of TorontoSetting alerts is a chance to figure out what you really care about

        My quick solution was to also push the total number of data disk partitions into Prometheus and then only alert on too-few spares if we had partitions at all. However, we're in the process of upgrading fileservers from 2 TB SATA SSDs to 4 TB SATA SSDs, which have eight standard sized partitions instead of four, and so soon a mere four spare partitions will be inadequate on some fileservers. This set me to thinking about what additional data about partition usage we might want to push into metrics, and what exactly we should be alerting on. The question of what condition (or conditions) we should be alerting on for remaining spares is really a question of what we really care about in this situation.

      • APNICBGP in 2022 – the routing table

        At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

      • Raspberry PiBut we’re absolute beginners – how to set up your Raspberry Pi

        We like new users around here because one of Raspberry Pi’s main goals is to make computing accessible for everyone. So we created a simple step-by-step tutorial to make sure you don’t get stuck at the first hurdle and leave your Raspberry Pi languishing in a drawer somewhere. They don’t like being stuck in drawers.

      • IT TavernSSH - run script or command at login

        There a multiple use cases to run a script on login. Configuration, starting services, logging, sending a notification, and so on. I want to show you different ways to do so.

      • HowTo ForgeHow To Migrate ISPConfig 2, ISPConfig 3.x, Confixx or Plesk to ISPConfig 3.2 (single server)

        In this howto, well show how to use the ISPConfig Migration Tool 2.0 to migrate a single server to a new ISPConfig 3.1 server.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Nate GrahamThis week in KDE: big UI improvements! - Adventures in Linux and KDE

          New Features



          In KolourPaint, you can now choose the quality level when saving an image in the AVIF, HEIF, and HEIC file formats (me: nate Graham, KolourPaint 23.04. Link)

          In the Media Player widget, you can now swipe up/down to change the volume, and left/right to change the playback position (Fushan Wen, Plasma 5.27. Link)

          User Interface Improvements



          Elisa now includes a few more popular radio stations by default (Someone going by the pseudonym “fanick1”, Elisa 23.04. Link)

          System Settings’ Shortcuts page now features a significantly more obvious and useful UI for adding custom commands! (Bharadwaj Raju, Plasma 5.27. Link)...
  • Distributions and Operating Systems

    • Unicorn MediaWhy Nitrux Linux 2.6.0 Isn’t for Everybody and Doesn’t Try to Be

      Developers announced on Monday the release of Nitrux 2.6.0, code named “ff.” To paraphrase something that the folks at a certain cigarette company used to say, this new Nitrux isn’t for everybody.

      Nitrux is a Linux distribution based on Debian’s unstable branch, with additional packages from Ubuntu LTS repositories. Its default desktop environment is NX Desktop, which is basically KDE Plasma enhanced with what it calls “plasmoids” to fit with the developers sense of aesthetics and functionality, some of which is made necessary by the distro’s increasingly unorthodox approach to software management.

  • Free, Libre, and Open Source Software

    • OpenSource.comUnlock academic research with this open source open access tool for librarians

      Western University chose to use the bepress repository but there are many other repositories including open source ones that are even easier to augment. This is where the open source community could really help. If all universities that already have repos use aperta-accessum on their own campuses, most academic papers will be free for anyone that wants to access them. That could be a powerful force for accelerating innovation.

      The aperta-accessum source code housed on the Open Science Framework is released under the GNU General Public License (GPL) 3.0. It can be freely modified. You can learn more about it in the open-access study in the Journal of Librarianship and Scholarly Communication. In the article, we show that in the administrative time needed to make a single document OA manually, aperta-accessum can process approximately five entire departments' worth of peer-reviewed articles!

    • Linux LinksBest Free and Open Source Visual Automation Tools

      This article looks at software which provides a graphical user interface for automating desktop tasks. Tasks can be recorded as they are performed by the user or can be selected from a list. The output of the previous action can become the input to the next action.

      This type of software can be a real boon to productivity. The software saves time and effort over human intervention.

      Here’s our verdict captured in a legendary LinuxLinks ratings chart. We only feature free and open source software here.

    • SaaS/Back End/Databases

      • OtterTuneDatabases in 2022: A Year in Review

        Another year has gone by, and I’m still alive. As such, it is an excellent time to reflect on what happened in the world of databases last year. It was quiet in the streets as the benchmark wars between DBMS vendors have quieted down. I had fun writing last year’s retrospective, so I am excited to share with you the things that stand out from 2022 and my thoughts on them.

    • Productivity Software/LibreOffice/Calligra

      • Libcpucycleslibcpucycles

        libcpucycles is a public-domain microlibrary for counting CPU cycles. Cycle counts are not as detailed as Falk diagrams but are the most precise timers available to typical software; they are central tools used in understanding and improving software performance.

    • Licensing / Legal

      • Burkhard StubertUsing Qt 6 under LGPLv3

        The Qt Company changed Qt licensing in February 2022. All the separate commercial packages – including Qt for MCU, Qt Safe Renderer, Qt Automotive Suite and Qt Automation – were folded into two Qt for Device Creation licenses: Professional and Enterprise. The Qt Marketplace license for modules like CoAP, MQTT, Charts and for the design tool bridges was discontinued. My post helps you answer the crucial question: Shall you use Qt Commercial or Qt LGPL-3.0?

      • Creative CommonsCreative Commons (CC) Certificate: available in French and Spanish!

        Creative Commons proudly presents the latest translations of the CC Certificate course content. Thanks to the translation efforts of CC Certificate graduates and additional translators below, a total of 569 million people will have access to the educational resources in their native languages. These published works enable 493 million native Spanish speakers and 76 million native French speakers to access translations in their languages — not to mention others who have Spanish or French as a second language.

    • Openness/Sharing/Collaboration

      • Open Data

        • Fernando BorrettiA Brief Defense of XML

          XML is precisely what it says on the tin: an extensible markup language. It’s a markup language with a completely uniform syntax so that the alphabet of markup elements is customizable. And for what it is, there is truly no replacement. Every other markup language supports only a limited set of markup directives defined from the factory. The tradeoff is generality for ease of authoring: limited markup languages can have terser syntax for specific elements.

          So why did XML come to be used as a data exchange language? Partly because, despite its roots in SGML (the Common Lisp of markup languages), the creators advertised it as a general format to exchange any digital information.

    • Programming/Development

      • Anders BorchWhy Principle Of Least Privilege Is Bad

        Let's apply this principle where it makes sense. Where the risk and severity of an incident is really high. Let's back off when it comes to employee productivity and happiness.

        Attacks on production servers is really costly for businesses.

        Employee churn is really costly for businesses.

        Keep both of those in mind before considering introducing principle of least privilege.

      • RlangFind the next number in the sequence

        Given a sequence of n real numbers f(x1), f(x2), f(x3), ... , f(xn), there is always a mathematical procedure to find the next number f(x n+1) of the sequence. The resulting solution may not appear to be satisfying to students, but it is mathematically logical.

      • ChannableParallel streaming in Haskell: Part 1 - Fast, efficient, and fun!

        Over the last 2 years, we moved our inherently sequential data processing engine, written in Haskell, to a parallel version. Running the parallel version of our system barely increases CPU time, while the wall time (time from start to end) is significantly reduced.

        This post explains how we parallelized our system without incurring any significant overhead costs, allowing us to linearly speed-up our workloads with the number of cores available (up to a plateau, see plot below). We had the following requirements for our design: [...]

      • New York Times‘Consciousness’ in Robots Was Once Taboo. Now It’s the Last Word.

        This kind of intelligence, if possible to create, would be flexible and fast. It would be as good in a tight situation as humans — better, even. And as machine learning grew more powerful, this goal seemed to become realizable. Dr. Lipson earned tenure, and his reputation as a creative and ambitious engineer grew. So, over the past couple of years, he began to articulate his fundamental motivation for doing all this work. He began to say the c-word out loud: He wants to create conscious robots.

      • Adolfo OchagavíaChunking strings in Elixir: how difficult can it be?

        This week I finished my contract for Seamly1, where I spent 7 months developing a SaaS messaging platform for customer service in Elixir. The project was incredibly interesting, so in our last conversation I asked if they would mind me sharing a “war story” with the world. They gladly agreed, so here goes an account of my dealings with unicode, performance tuning and Rust-based NIFs. Enjoy!

      • ButtondownMicrofeatures I'd like to see in more languages ● Buttondown

        There are roughly three classes of language features: Features that the language is effectively designed around, such that you can’t add it after the fact...

      • 00fPerformance of WebAssembly runtimes in 2023

        Using libsodium in a web browser has been possible since 2013, thanks to the excellent Emscripten project.

        Since then, WebAssembly was introduced. A more efficient way to run code not originally written in JavaScript in a web browser.

        And libsodium added first-class support for WebAssembly in 2017. On web browsers supporting it, and in allowed contexts allowing it, that gave a nice speed boost. Like JavaScript, the same code could seamlessly run on multiple platforms.

        Also like JavaScript, applications started to use WebAssembly server-side. Still like JavaScript, and ignoring bugs in runtime implementations, it doesn’t allow untrusted code to read or write memory outside of a sandbox. That alone makes it a compelling choice for application plug-ins, function-as-a-service services, smart contracts and more.

        In 2019, support for a new WebAssembly target (wasm32-wasi) was added to libsodium, making it possible to use the library outside web browsers, even without a JavaScript engine.

        As of today, multiple runtimes support wasm32-wasi, but on the same platform, the same code can run with very different performance across runtimes.

        Benchmarking abilities for wasm32-wasi were thus added to libsodium.

        This benchmark proved to be more representative of real-world performance than micro-benchmarks. Sure, libsodium is a crypto library. But the diversity of the primitives being measured exercises the vast majority of optimizations implemented (or not) by WebAssembly runtimes/compilers/JITs, and this benchmark turns out to be a good representative of real-world applications.

        Since its introduction, the libsodium benchmark has been widely used by runtimes to improve their optimization pipelines, by researchers to measure the impact of experiments on WebAssembly, and by users to pick the best runtimes for their workload.

        But it’s been a while since results were published here. Meanwhile, runtimes have improved, so an update was overdue.

      • Parallelizing C++ using Execution Policies | Azeem Bande-Ali | Engineering Manager

        C++17 support for Execution Policies for "algorithms" provides a powerful tool to parallelize your code.

      • You Want Modules, Not Microservices

        Dissecting why everybody keeps talking about microservices.

  • Leftovers

    • Ali Reza HayatiAim for freedom tech

      If you’re a software/hardware person or a techie, you surely can help developing tools to help people not only in Iran, but every other place or people needing tools to access basic available daily stuff such as a social network or a communication tool or even reading an article and getting information. You can contact your friends discussing the needs and required tools to get started. The simplest act can be running Snowflake extensions and help people connecting to free [Internet] using Tor.

    • Hardware

      • CNX SoftwareSub-$5 Cavli C16QS CAT1.bis cellular IoT module features Qualcomm QCX216 modem [Ed: Attaching connectivity to more surveillance devices on the cheap]

        Qualcomm QCX216 LTE IoT modem was announced at the end of last year as one of the first solutions supporting the new CAT1.bis standard enabling smaller, simpler, and cheaper modules with a single antenna design. This chip also integrates a WiFi scanner exclusively used for indoor positioning.

    • Health/Nutrition/Agriculture

      • FuturismStudy Finds That Buttons In Cars Are Safer And Quicker To Use Than Touchscreens

        Many automakers are getting rid of good ol’ fashioned buttons and switches these days, in favor of touchscreen infotainment systems. Now, new evidence shows those touchscreens are far less safe and efficient than the old school alternative, according to the findings of Swedish car magazine Vi Bilägare.

      • Helsinki TimesBiodiversity of bee population critical for ecosystems: Research

        In the first study of its kind, Rutgers determined how many more species of bees are required over the long term to maintain crop production.

        Scientists said in a report just published in the journal Nature Ecology & Evolution that the biodiversity of the bee population is essential to preserving the ecosystem function of crop pollination, which is crucial to the availability of food for humans.

      • YLEUS approves honey bee vaccine developed in Finland

        Developed in Finland, the vaccine works against a bacterial condition known as American foulbrood disease that attacks bee larvae.

      • BBCUS approves world’s first vaccine for declining honey bees

        It was engineered to prevent fatalities from American foulbrood disease, a bacterial condition known to weaken colonies by attacking bee larvae.

        The US Department of Agriculture (USDA) approved a conditional license for the vaccine this week, according to the biotech firm behind its development.

      • NPRA biotech firm says the U.S. has approved its vaccine for honeybees

        The disease is caused by Paenibacillus larvae, a type of bacteria that affects the bee's larvae. The vaccine contains some of that bacteria, and it will be mixed in with the royal jelly, which worker bees secrete from their heads and then feed to the queen and larvae. When the queen eats the jelly, she will ingest fragments of the vaccine that will grant her offspring some immunity against the bacteria.

        The vaccine is not genetically modified and can be used in organic agriculture, Dalan Animal Health said.

      • AxiosUSDA approves world's first vaccine for honeybees

        Zoom in: "One-third of the global food supply relies on pollination, and healthy commercial hives are essential to secure high crop yields," Dalan noted in a statement.

      • New York TimesThe Crisis in Youth Suicide

        Along with suicides, since 2011, there’s been nearly a 400 percent increase nationally in suicide attempts by self-poisoning among young people. “Suicide attempts by the young have quadrupled over six years, and that is likely an undercount,” said Henry A. Spiller, director of the Central Ohio Poison Center, who called the trend “devastating.” “These are just the ones that show up in the E.R.”

        Had any other fatal or potentially fatal condition leapfrogged like this, the resulting alarm would surely have initiated a frantic search for its cause and cure. But too often suicide attempts and deaths by suicide, especially among the young, become family secrets that are not investigated and dealt with in ways that might protect others from a similar fate.

      • UpworthyIt's getting harder to deny the damage that social media is doing to teenage girls

        Evidence shows that there is real reason to be concerned about the effect that social media has on young girls. Over the past few decades, there has been a concerted effort to point out the damage that unrealistic body images in advertising and in magazines have had on the psyches of young women, but little acknowledgment of the same kind of negativity on social media.

        Let’s hope that the research done by psychologists such as Dr. Twenge inspires a shift in consciousness so that we begin to look at social media with the same scrutiny as traditional media.

    • Proprietary

    • Security

      • Broadband BreakfastCES 2023: Cybersecurity for IoT Devices Should be Market-Driven

        Cybersecurity protocols for Internet of Things devices should be industry-driven, Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, said Friday at the Consumer Electronics Show 2023.

      • Scoop News GroupCar hackers discover vulnerabilities that could let them hijack millions of vehicles

        >The vulnerabilities could let attackers remotely track, stop or control a car — even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems.

        In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. The vulnerabilities affected Ford, Toyota, Mercedes, BMW, Porsche, Ferrari and others.

      • Port SwiggerCar companies massively exposed to web vulnerabilities

        In a detailed report, security researcher Sam Curry laid out vulnerabilities that run the gamut from information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping the engines of cars. The findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem.

      • Privacy/Surveillance

      • Confidentiality

        • [Repeat] OSTechNixAn Easy Way To Encrypt And Decrypt Files From Commandline Using GnuPG In Linux

          Today, we are going to see how to encrypt and decrypt files from command line in Linux using a free utility named GNU Privacy Guard (shortly GPG or GnuPG).

          There are, of course, plethora of methods, and applications are available to encrypt and decrypt files in Linux. But, encrypting and decrypting files with GnuPG is the easiest method.

    • Defence/Aggression

      • France24Record 45,000 migrants crossed English Channel to UK last year

        The issue has become a huge political problem for the Conservative government, which has promised to bring down illegal immigration and break the smuggling gangs that carry out the crossings.

        In total, 45,756 people made the dangerous small-boat crossing of one of the world's busiest shipping lanes last year, compared with 28,526 in 2021.

    • Environment

      • Energy/Transportation

        • MIT Technology ReviewWhy 2023 is a breakout year for batteries

          So when the new year rolled around and we here at MIT Technology Review started to work on a series called “What’s Next in Tech,” I knew exactly what I wanted to write about. The result went live this morning—check it out for all my predictions on what’s going to be important this year in battery technology. And for the newsletter this week, let’s dive a bit deeper on batteries’ role in climate action, why I think they’re so exciting, and where the technology is going.

        • Jacobin MagazineNew York City’s Public Transit Is Broken. It Doesn’t Have to Be.

          America’s largest public transit system is unreliable and often decrepit. Socialist state legislator Zohran Mamdani says that can change. We spoke to Mamdani about his proposal to fully fund city transit, increase service, freeze fares, and make buses free.

        • In 2022, web3 went just great - Molly White

          Come, reminisce with me.

    • Finance

      • MWL2022 Income Sources

        First and foremost, I want to draw attention to income through my web site. Direct sales, 18.57%. Direct Patronizers, 6.34%. Sponsorships, 5.33%, and direct preorders, 2.38%. Taken all together, 32.62% of my income coming from sales through my web site.

      • FAIRPaul Hudson on Airline Meltdown, Melissa Crow on Asylum Policy
      • Why the super rich are inevitable

        Many of us assume it's because some people make better financial decisions. But what if this isn't true? What if the economy – our economy – is designed to create a few super rich people?

        That's what mathematicians argue in something called the Yard-sale model, and I promise it has something to do with my dumb watch purchase.

    • AstroTurf/Lobbying/Politics

      • Scoop News GroupFCC proposes stronger data breach rules, faster notifications for telecoms

        The law would also update the definition of a breach under the law to include inadvertent exposure of customer information, not just outside [breaches].

        Current FCC rules require that carriers that have more than 5,000 customers notify the FCC of a data breach within seven days of discovery, while breaches affecting fewer than 5,000 customers must be reported no later than 30 days.

      • SecurepairsGov. Hochul Got It Wrong on Cybersecurity And Repair

        Governor Hochul’s long awaited signature making the Digital Fair Repair Act law is a victory for the many individuals and organizations who have been pushing for the enactment of right to repair laws. It also definitively marks an end to an eight year winning streak by manufacturers and Big Tech firms who, since 2014, have prevented more than 100 pieces of legislation in 40 states from even being voted on by a legislature, let alone signed into law by a governor.

        Make no mistake about it: passage of the Digital Fair Repair Act is a watershed and a huge victory for right to repair advocates and a big “L” for technology and manufacturing monopolies that are looking to extend their control over aftermarket parts, service and repair. We should all be happy to see it pass into law.

      • India TimesGermany tells Elon Musk it expects Twitter to fight disinformation

        Digital and Transport Minister Volker Wissing, who was in California at the start of 2023, told Musk that Germany expects Twitter to voluntarily comply with commitments to fight disinformation, a spokesperson for the ministry said.

      • Misinformation/Disinformation/Propaganda

        • NBCA fake tweet spurred an anti-vaccine harassment campaign against a doctor

          Solenkova hadn’t deleted the tweet. In fact, she hadn’t written it at all. It was what misinformation researchers call a “cheap fake,” a term for a piece of fake media such as an image or video that takes little effort to produce. Someone had clumsily altered one of Solenkova’s posts to portray a blind, even deadly, zealotry for Covid vaccines and a vilification of anti-vaccine activists.

    • Censorship/Free Speech

      • VOA NewsIran Warns France About 'Insulting' Khamenei Cartoons

        Iran warned France on Wednesday of consequences after satirical magazine Charlie Hebdo published cartoons depicting supreme leader Ayatollah Ali Khamenei that Tehran deemed to be insulting.

        The weekly magazine had published dozens of cartoons ridiculing the highest religious and political figure in the Islamic republic as part of a competition it launched in December in support of the three-month-old protest movement in Iran.

      • TechdirtIf You Don’t Want EU Style Censorship To Take Over The Internet, Support Section 230

        But all of this is why Americans — and American tech companies — really should strongly embrace Section 230. Section 230 is, in many ways, the anti-DSA. Even as a bunch of very ignorant, very foolish people insist that Section 230 was how the US government pressured internet companies to “censor,” the opposite is true.

        Section 230 gives companies the freedom to moderate how they want, without fear of facing liability or regulatory pressure for their decisions and non-decisions. Take that away, and suddenly lawmakers and bureaucrats — and anyone who can file a lawsuit — gain tremendous power to suppress speech. With 230, the companies get to decide, and if there are people who disagree with them, their options are to take their business elsewhere, not to create a legal punishment for the company.

        But the DSA approach is vastly different. It starts from a stance that the government needs to be hovering over companies, with the ever-present threat of punishment for making (vaguely described) “bad” decisions. And that, by its very nature, leads to much more widespread actual censorship, because the companies feel compelled to suppress speech to avoid state enforcement and punishment.

      • Foreign PolicyIn Australia, Pro-Democracy Students Aren’t Safe From China’s Reach

        A 2021 Human Rights Watch report documented the uniquely pernicious reach of the CCP at Australian universities. Sophie McNeill, the author of the report, told Foreign Policy that she has observed “a clear correlation between this over-reliance on these full fee-paying students and universities turning a blind eye to these issues surrounding the academic freedom of Chinese students and staff working on China.” The report observed that this over-reliance has created problems not only for censorship and self-censorship in the classroom but also for peer-led harassment and intimidation of pro-democracy students.

        The report noted that Chinese students studying abroad are a “new focus” for the party, who may “influence and ‘call on’” students to promote its causes and positions. Despite residing overseas, these informal diaspora networks can make it difficult for Chinese students at Australian universities to escape the long arm of the CCP.

    • Freedom of Information / Freedom of the Press

      • VOA NewsMedia: Iran Arrests Journalist Who Interviewed Inmates' Families

        Iranian authorities have arrested a journalist who published interviews with families of death row inmates sentenced in connection with nationwide protests, the reformist daily Etemad said Friday.

        Fourteen Iranians have been sentenced to death in connection with the unrest triggered by Mahsa Amini's death in custody on September 16.

        Morality police in Tehran arrested the 22-year-old Iranian Kurd for an alleged breach of the Islamic republic's dress code for women.

      • Deutsche WelleSouth Sudan journalists detained over viral video

        Six people working with South Sudan's national broadcaster have been arrested in connection with a viral video that showed President Salva Kiir wetting himself during an official event, the Union of Journalists of South Sudan (UJOSS) said in a statement on Friday.

        Footage by the South Sudan Broadcasting Corporation (SSBC) showed the 71-year-old president standing during the national anthem at an opening ceremony in December in the capital Juba in which he appears to be urinating on himself.

        The six SSBC staffers were arrested on Tuesday after the video went viral.

      • Deutsche WelleIran: Journalist employed by reformist newspaper arrested

        Iranian authorities arrested a journalist employed by the reformist Etemad newspaper, the publication and his wife said Friday.

        Mehdi Beikoghli was taken into custody on Thursday, with his personal belongings such as computer and notebook seized by authorities. Beikoghli is the head of the politics department at the paper.

        He reported on the families of death row prisoners who were being punished for their involvement in anti-government protests.

    • Civil Rights/Policing

      • New York TimesU.S. Moves to Bar Noncompete Agreements in Labor Contracts

        The proposed rule would ban provisions of labor contracts known as noncompete agreements, which prevent workers from leaving for a competitor or starting a competing business for months or years after their employment, often within a certain geographic area. The agreements have applied to workers as varied as sandwich makers, hairstylists, doctors and software engineers.

      • FAIRThe Right Turns Anti-LGBTQ Hate Up to 11

        Last summer, while waiting for coffee at a diner in what I’ll just call a small town, I overheard three older men complaining about how schools are forcing children to swap genders. A server responded, “You’re not even allowed to talk about this anymore.” I thought to myself, “A, you’re talking about it right now, and B, where’s my coffee?”

    • Internet Policy/Net Neutrality

    • Monopolies

      • The Rise of Monolithic Software.

        We used to have software ecosystems of reusable components. Today we have a world of walled-garden monolithic software. What do I mean by that, and how did we get here?

      • Copyrights

        • Smithsonian MagazineThese Works Are Now in the Public Domain

          Besides, she adds, “1927 was a long time ago.” When works from 1927 enter the public domain after a 95-year wait, “anyone can rescue them from obscurity and make them available, where we can all discover, enjoy and breathe new life into them.”

          Sherlock aside, we’re getting access to a rich variety of books, songs and films in 2023. Here are a few highlights: [...]

  • Gemini* and Gopher

    • Personal

      • Theophany!

        The Theophany is the baptism of Jesus Christ by John the Forerunner in the Jordan river. We celebrate the revealing of the Holy Trinity, where God the Son is baptized, God the Holy Spirit descends in the shape of a dove, and God the Father speaks through the clouds. The word 'theophany' means "the appearance of a deity", where God appears in space and time in front of people.

    • Technical

      • Science

        • Hard Determinism

          Hard determinism, as described in the book, states that everything is determined by past events. It is not clear from the book if it's meant to be applied only to the physical world, beings' behaviour, or both, but it treats only human behaviour.

          Applied to human behaviour, the idea holds that we have no effect in future events, because we cannot do anything other than what we're predetermined to do, essentially meaning that we have no free will.

      • Internet/Gemini

        • “The street finds its own uses for things.”

          I'm not familiar with the “was a bee and a half” idiom, but I suspect it means something like “annoying,” given the context. And if supporting Gemini was “annoying” then why even continue with it? The issues brought up, like the lack of per-page language support, were found by people trying to use Gemini, finding issues, and solving the issues. It would have been easy for most of the issues to be ignored, thanks to Gemini's “simplicity of implementatin _über alles_.” That would not have been a good idea long term, and thus, Gemini gets complex.

          And Gemini mentions aren't mandatory, just like not every website supports webmentions [3]. Don't like it? Don't bother with it. Taken to the limit, “I really hope does not happen” applied to Gemini means Gemini doesn't exist (and there are plenty of people who questioned the concept of Gemini).


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024