Bonum Certa Men Certa

Links 07/04/2023: Kubuntu 23.04 Beta Released and Barry Kauler Adds Flatpak Installer



  • GNU/Linux

    • Kernel Space

      • LWNUser-space shadow stacks (maybe) for 6.4

        Support for shadow stacks on the x86 architecture has been long in coming; LWN first covered this work in 2018. After five years and numerous versions, though, it would appear that user-space shadow stacks on x86 might just be supported in the 6.4 kernel release. Getting there has required a few changes since we last caught up with this work in early 2022.

        Shadow stacks are a defense against return-oriented programming (ROP) attacks, as well as others that target a process's call stack. The shadow stack itself is a hardware-maintained copy of the return addresses pushed onto the call stack with each function call. Any attack that corrupts the call stack will be unable to change the shadow stack to match; as a result, the corruption will be detected at function-return time and the process terminated before the attacker can take control. The above-linked 2022 article has more details on how x86 shadow stacks, in particular, work.

      • LWNThe curious case of O_DIRECTORY|O_CREAT

        The open() system call offers a number of flags that modify its behavior; not all combinations of those flags make sense in a single call. It turns out, though, that the kernel has responded in a surprising way to the combination of O_CREAT and O_DIRECTORY for a long time. After a 2020 change made that response even more surprising, it seems likely that this behavior will soon be fixed, resulting in a rare user-visible semantic change to a core system call.

        The O_CREAT flag requests that open() create a regular file if the named path doesn't exist (adding O_EXCL will cause the call to fail if the path does exist). O_DIRECTORY, instead, indicates that the call should only succeed if the path exists and is a directory. It is not possible to create a directory with open(); that is what mkdir() is for. So the combination of O_CREAT and O_DIRECTORY requests the kernel to create a directory (which is supposed to already exist) as a regular file — which clearly does not make sense.

    • Applications

      • Harald SitterFirefox and KeePassXC Flatpaks

        Flatpaks are amazing and all that. But application sandboxing, so an application cannot do anything it wants, is a challenge – even more so when you have two applications that need to talk to each other. Perhaps it shouldn’t come as a surprise that native-messaging sandboxing support for Flatpak has been in development for over a year. To celebrate its anniversary I thought I’d write down how to drill a native-messaging sized hole into the sandbox. This enables the use of native messaging even without portal integration, albeit also without sane degrees of sandboxing.

        First off, please understand that this undermines the sandbox on a fairly fundamental level. So, don’t do this if you don’t keep your Firefox updated or visit particularly dodgy websites.

      • 9to5LinuxOpenShot 3.1 Open-Source Video Editor Released with Improved Profiles, More

        Coming fourth months after OpenShot 3.0, the OpenShot 3.1 update is mostly a bugfix and stability release. It improves the profiles by adding more than 400 export profiles and a new Profile UI, improves the Undo / Redo system, including grouping actions, and improves the Preview & Split Clip dialog to correct aspect ratio and sample rate.

        OpenShot 3.1 also comes with a huge Time Re-mapping update that includes improvements to audio resampling, bezier curve audio support, as well as better support for backwards audio, an improved Caption effect that now offers better VTT support and smaller text by default, and improved keyboard bindings, especially for the arrow keys.

    • Instructionals/Technical

      • It's FOSSA Quick Guide to Install and Play GOG Games on Linux

        Want to access and play GOG games on Linux? Here's how to do that.

      • TecMint12 Ping Command Examples to Test Your Network

        Ping is a simple, widely used, cross-platform networking utility for testing if a host is reachable on an Internet Protocol (IP) network. It works by sending a series of Internet Control Message Protocol (ICMP)

      • TecMint9 Practical Examples of Tail Command in Linux

        As Linux users, we often work with long-running background Linux processes, which are called daemons or services. Some of the common examples of the services are Secure Shell (sshd), Network Manager (networkd), Volume Manager

      • TecMint10 SCP Commands to Transfer Files/Folders in Linux

        Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not common to be installed. SSH may be the most popular protocol to enable Linux

      • TecMint21 Tar Command Examples in Linux

        The Linux "tar" stands for tape archive, which is used by a large number of Linux/Unix system administrators to deal with tape drive backup in Linux. The tar command in Linux is used to

      • TecMintHow to Open, Extract and Create RAR Files in Linux

        RAR is the most popular tool for creating and extracting compressed archive (.rar) files. When we download an archive file from the web, we required a rar tool to extract them.

      • How to use MOTD in Ubuntu 22.04 | 20.04 Linux or any version

        Learn how to show a custom message upon login Ubuntu 22.04 / 20.04 server or desktop to users on the command terminal using the MOTD file.

        MOTD is a simple text file in a Linux system that is used to display some custom text message on login using the command line locally or SSH. MOTD’s full form is “Message of the Day”. The necessity of this simple MOTD is to display some alert, important information such as system maintenance, security updates, or any other relevant message to Linux users by the Admin.

        Suppose you have a couple of Linux systems in your office and want to display important info to all users upon their login in such a case MOTD can be a quite useful tool.

        The file used by the MOTD is generally located under the /etc directory of the Linux which can be edited manually to display custom messages. If you have scripting knowledge then can display dynamically generate messages.

      • Make Use Of4 Ways to Fix OpenShot Crashing on Ubuntu

        It is extremely frustrating when you want to edit a video but OpenShot keeps crashing. Unfortunately, many Ubuntu users encounter this issue with OpenShot because of things like corrupt video files or misconfigured preferences.

        You might be wondering how you can prevent OpenShot from crashing on Ubuntu. Luckily, these issues with OpenShot are easy to fix once you know the right troubleshooting methods.

      • GhacksTired of Windows? Here is how to try Linux Mint

        Linux Mint is a well-known Linux distribution that offers users the chance to try it before they install it. In this guide, we will explain how to try Linux Mint and, if you like it, how to replace Windows with it.

        Linux Mint is a free and open-source operating system that is designed to be user-friendly and easy to use. It is based on Ubuntu, and it comes in three desktop environments: Cinnamon, MATE, and Xfce. It offers a number of features and applications that make it a great choice for both new and experienced users.

        These features include the ability to customize the desktop, a software manager that makes it easy to find and install new software, and a wide range of applications for everything from browsing the web to editing documents. Linux Mint is also known for its stability, security, and reliability.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Kubuntu Lunar Lobster (23.04) Beta Released

          The beta of Kubuntu Lunar Lobster (to become 23.04 in April) has now been released, and is available for download.

          This milestone features images for Kubuntu and other Ubuntu flavours.

          Pre-releases of Kubuntu Lunar Lobster are not recommended for...

        • Volker KrauseBranching KDE PIM for the final phase of the Qt 6 port

          After KDE Frameworks branched in January and Plasma followed in February to enter the final phase of the transition to Qt 6, KDE PIM is following now. The approach taken here might also be applicable for other KDE Gear modules.

          KDE PIM Sprint

          Coordination and planning for this happened at the KDE PIM sprint in Toulouse last weekend, see also Kévin’s report about this.

      • GNOME Desktop/GTK

  • Distributions and Operating Systems

    • It's FOSSCachyOS: Arch-based Distro for Speed and Ease of Use

      Arch Linux is suitable for advanced users looking for a challenge to use Linux on their system.

      However, many Arch-based distributions have made it possible for new users to get into the distribution family by making things easier. Options like Garuda Linux, Manjaro Linux, and others make it convenient for new users.

      And one of the exciting options among them is CachyOS.

      Well, you might already know about blendOS (which is also an Arch-based distro, still in the works). It is not remotely similar, but if you are exploring Arch-based distros, you can check it out.

  • Free, Libre, and Open Source Software

    • FSF

      • GNUhealth @ Savannah: GNU Health Hospital Management patchset 4.2.1 released

        Dear community GNU Health 4.2.1 patchset has been released ! Priority: High

        Table of Contents
        • About GNU Health Patchsets
        • Updating your system with the GNUHealth control Center
        • Installation notes
        • List of other issues related to this patchset
        About GNU Health Patchsets
        We provide "patchsets" to stable releases. Patchsets allow applying bug fixes and updates on production systems. Always try to keep your production system up-to-date with the latest patches. Patches and Patchsets maximize uptime for production systems, and keep your system updated, without the need to do a whole installation. NOTE: Patchsets are applied on previously installed systems only. For new, fresh installations, download and install the whole tarball (ie, gnuhealth-4.2.1.tar.gz)

        Updating your system with the GNU Health control Center
        Starting GNU Health 3.x series, you can do automatic updates on the GNU Health HMIS kernel and modules using the GNU Health control center program. Please refer to the administration manual section ( https://en.wikibooks.org/wiki/GNU_Health/Control_Center ) The GNU Health control center works on standard installations (those done following the installation manual on wikibooks). Don't use it if you use an alternative method or if your distribution does not follow the GNU Health packaging guidelines.

        Installation Notes
        You must apply previous patchsets before installing this patchset. If your patchset level is 4.2.1, then just follow the general instructions. You can find the patchsets at GNU Health main download site at GNU.org (https://ftp.gnu.org/gnu/health/) In most cases, GNU Health Control center (gnuhealth-control) takes care of applying the patches for you.€  Pre-requisites for upgrade to 4.2.1: None Now follow the general instructions at € https://en.wikibooks.org/wiki/GNU_Health/Control_Center €  After applying the patches, make a full update of your GNU Health database as explained in the documentation. When running "gnuhealth-control" for the first time, you will see the following message: "Please restart now the update with the new control center" Please do so. Restart the process and the update will continue.

        • Restart the GNU Health server
        List of other issues and tasks related to this patchset
        • bug€ #64014: Update gender identity in patient evaluations and reports
        • bug€ #64009: Include signing health professional and avoid scrolling in patient evaluation
        • bug€ #64007: Summary report is not using FreeFonts family
        • bug€ #63993: Python-sql error on patient evaluation report
        Update gender identity in patient evaluations and reports For detailed information about each issue, you can visit : € https://savannah.gnu.org/bugs/?group=health About each task, you can visit: € https://savannah.gnu.org/task/?group=health For detailed information you can read about Patches and Patchsets
      • https://en.wikibooks.org/wiki/GNU_Health/Patches_and_Patchsets
    • Programming/Development

      • Build faster with Buck2: Our open source build system

        Buck2, Meta’s open source large-scale build system, is now publicly available via the Buck2 website and the Buck2 GitHub repository. While it shares some commonalities with other build systems (like Buck1 and Bazel), Buck2 is a from-scratch rewrite. Buck2 features a complete separation of the core and language-specific rules, with increased parallelism, integration with remote execution and virtual file systems, and a redesigned console output. All of these changes are aimed at helping engineers and developers spend less time waiting, and more time iterating on their code.

      • Yuan Yijun: More cli fun

        When Secure Boot is enabled, the "akmods-nvidia" package will build and install kmod-nvidia that is not usable right away. Previously I followed some documents to run a cli script to "sign the modules" but it stopped working recently.

  • Leftovers

    • Proprietary

    • Security

      • LWNSecurity updates for Friday [LWN.net]

        Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).

      • Culbertson Memorial Hospital hit by cyber-attack

        Culbertson Memorial Hospital officials reported Friday the hospital had been the victim of a cyber-attack last week.

        Officials stated they discovered a network disruption at 3 a.m. March 30 that required information systems to be taken offline.

        “This action disabled access to most functions while we investigated the activity,” Culbertson CEO Gregg Snyder said in a statement released Friday afternoon. “We immediately retained third-party specialists to assist us with our investigation.”

      • Bankok PostSuspected hacker 'a soldier'

        A hacker who claimed to have obtained the personal data of 55 million Thais is an army officer who appears to have acted alone, authorities said yesterday.

        Chaiwut Thanakamanusorn, minister of Digital Economy and Society, and Pol Lt Gen Worawat Watnakhonbancha, chief of the Cyber Crime Investigation Bureau (CCIB), held a press conference yesterday amid reports that the suspect and his wife had been detained.

      • Tom's HardwareMSI Confirms Cyberattack, Advises Caution With Firmware

        Gaming hardware manufacturer MSI confirmed today that it was the victim of a cyberattack. In a brief statement on its website, the company said that the attack hit "part of its information systems," which have since returned to regular operations.

        The company advises its customers only to get BIOS and firmware updates from the MSI website and no other sources. It's light on details, saying that after "detecting network anomalies," MSI implemented "defense mechanisms and carried out recovery measures," and then informed the the government and law enforcement.

      • BloombergProskauer Cyber Attack Left Sensitive Client Data Unguarded

        A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday.

        “Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a Proskauer spokeswoman, said via email.

        The breach, which the firm called the result of a cyber attack, was first reported by TechCrunch. Data containing financial and legal documents, contracts, non-disclosure agreements and financial deals were released in the leak, according to the report.

      • Data BreachesAspire Public Schools reveals 2022 breach; Rochester Public Schools dealing with current attack

        Aspire Public Schools in California submitted notifications to at least two state attorneys general. According to its notification, Aspire learned that an unauthorized party gained access to one Aspire email account...

      • A Visual Journey Through Computer Setups Revealed by Recent Cybercrime Raids - realhackhistory

        First an admission by me, I’m not a hardware nerd. I know my way around PCs, can swap out parts as needed and can tell a MacBook from a Chrome Book but if you are expecting an exacting breakdown of the computers or tech we’re going to be looking at here you may be disappointed.

        Now that that’s out of the way, I’m fascinated by seeing the behind the scenes of big cybercrime operations, and especially interested in seeing the work spaces of the people involved and the equipment they are working with. Most of these people raided seem to be working from home, and sometimes sharing a living space with other gang member suspects.

      • Data Breaches7×7 Dental Implant & Oral Surgery alleged victim of Abyss ransomware group

        A leak site called “Abyss” recently added 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claimed to have 114 GB of the dental practice’s files. A file tree showing 2,891 directories and 63,557 files was posted as proof of claim.

        Some of the filenames suggest business-related internal documents, while others are likely employee-related files. The bulk of the files appears to be patient-related. Most of these are image files in .jpg or .dcm format. Some .pdf files appear to be referral letters or reports.

      • CointelegraphSentiment recovers $870K after negotiations with hacker

        Lending protocol Sentiment has managed to recover the stolen funds from the recent hack by offering the hacker a bounty worth $95,000.

        In an on-chain transaction on the Arbitrum blockchain, Sentiment sent a message to the hacker offering $95,000 if the hacker returned the funds by April 6, urging the hacker to “do the right thing.“ If the hacker did not return the funds, the protocol also offered the money to anyone who could help find and prosecute the culprit.



    • Finance

      • LWNRebecca Giblin on chokepoint capitalism

        The fourth and final keynote for Everything Open 2023 was given by Professor Rebecca Giblin of the Melbourne Law School, University of Melbourne. It revolved around her recent book, Chokepoint Capitalism, which she wrote with Cory Doctorow; it is ""a book about why creative labor markets are rigged — and how to unrig them"". Giblin had planned to be in Melbourne to give her talk in person, but "the universe had other plans"; she got delayed in Austin, Texas by an unexpected speaking slot at the South by Southwest (SXSW) conference, so she gave her talk via videoconference from there—at nearly midnight in Austin.

        She began by playing the animated teaser video for the book. It describes how the tech and content firms are choking out competition so that they can take the lion's share of any revenue generated before it ever reaches the artists and others who actually did the creative work. The book also has lots of ideas for "how we can recapture creative labor markets to make them fairer and more sustainable", Giblin said in the video.

    • Internet Policy/Net Neutrality

      • Kushal Das: 40 years of the first email to Sweden

        40 years ago today, at 14:02 on 1983/04/07 (7th April), Björn Eriksen received the first ever email in Sweden. It was from Jim McKie of European Unix Network (EUnet) in Amsterdam. Björn had a VAX 780 running BSD. The following is the actual email:

  • Gemini* and Gopher

    • Personal

      • The Noguchi Filing System

        The Noguchi Filing System is for keeping track of physical paper. I keep paper in envelopes on a shelf and new envelope go on the right (or on the left if you live in Japan) and if I use an envelope, it goes on the right as if it were new. Linux nerds can think of this as sorting the envelopes by atime. Envelopes always must have a date along the spine and a word or sentence describing what’s in ‘em. Optionally they can have a color, using markers or stickers. Noguchi even cut them off one inch so that the a4 documents in there stick up a bit.

      • The New Super Mario Bros. Movie

        There are a ton of these that appears pretty much everywhere in the movie. An average 10 year old who watches the movie in guidance of their parents may not understand many of them, but for someone who invests their time into this one franchise, you can see a lot of them just appearing and alpearing and appearing to you, and it's a fan service, but a good one.

    • Technical

      • Learning How To Write

        During the second quarter of the year, I am going to make a more concerted effort to learn how to write long, fictional pieces. I have a number of ideas that I want to develop into full stories, but I find it very difficult to do so.

        There are a number of obstacles that hinder my ability to write, but over the next couple of months I am going to methodically try different techniques to overcome them. I'm only a few days into this new endeavour and I've already found a few things that have helped.

      • website overhaul

        I am currently redoing one of my neocities websites. It was initially kept as some carrd-esque site, but I decided I want to do more with it and transfer some stuff from my other neocities there as well to make it a proper hub of my projects.

      • Fixed up my old MyTouch

        Writing on a smartphone is a pain, and yet I keep trying to do it. I finally dug my old MyTouch Q out of storage to try using it instead, since it has a very handy slide-out keyboard, only to find that the battery was so dead it wouldn't even charge.

        After running around to a few different battery stores and cell phone repair shops, I resigned myself to ordering a replacement battery off eBay (which is, weirdly, a more reputable storefront than Amazon these days). And now it works again! The SIM card holder is too big for my current one, so it can't be a proper phone, but that’s fine by me. I just want to use it for writing and maybe listening to music while I do so.

      • Keep infrastructure free

        A lot of essayists wanting to push the square peg of open source software into the round peg of quid-pro-quo market capitalism.

      • mbox

        Mailbox is the traditional storage format for emails on unix; a Mail Transport Agent (MTA) such as Sendmail would chat up a Mail Delivery Agent (MDA) such as mail.local or procmail, and eventually if everything went well the message would be appended to a file, /var/mail/spongebob perhaps. That's the conventional BSD directory.

        A major disadvantage is the problem of locking--how does the MDA append a message given that at the same time another program, perhaps the user's mail client, is editing the file? Locking! This assumes both sides use the same locking, and may become terribly complicated should the mailbox files be located on a NFS server.

      • Internet/Gemini

        • social platforms

          i often find myself switching platforms because i don't feel like any of them are a perfect fit. i've even attempted to bring all of the work onto myself, building personal social platforms but to no avail. i've realized the solution is extremely simple yet almost no platform can provide that. hopefully the pub can do that for me. :)

        • Re: Making a 90s Website (waffle)

          User waffle over at midnight pub asked about making a 90's website[1]. I was there, waffle... making crappy websites for money!

          Here are my tips:

          1. Think in terms of tables. Kind of like css grid layouts, except not at all. Mentally chop your content up into rows and columns, and make liberal use of colspan and rowspan. Don't be afraid of borders, they're pretty. OR, drop the borders and use background images in the cells, which you can chop up with old software. It's called "slicing" and it was all the rage in the 90s.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

On Groupthink, Mindless 'Sheep', and Toxic Online Cults
This week, treat yourself to a life free of social control media
BetaNews is Run and Written by Bots That Make Clickbait
At least one author is doing this
Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
 
Links 25/11/2024: Egypt Harasses Bloggers, The University of Michigan Has Become Like a Corporation
Links for the day
Links 25/11/2024: Climate News, Daniel Pocock Receives a Fake/Fraudulent €17,000 Electricity Bill
Links for the day
[Meme] Microsoft: Our "Hey Hi" Hype is Going So Well That We Have MASS Layoffs Every Month. Makes Sense?
Contradiction
Latest Mass Layoffs at Microsoft Are Confirmed, Bing and Vista 11 Losing Market Share
They tried to hide this. They misuse NDAs.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day