Links 13/11/2021: Septor 2021.5 and KDE Frameworks 5.88

Posted in News Roundup at 11:33 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Server

      • Kubernetes, Containerisation and tech history repeating itself

        Over the the past couple of decades of IT, most of the focus has been around taking disparate elements of an organisation’s infrastructure and bringing them together into something much simpler. But now, with greater focus on applications and containerisation, it can feel like we’re breaking them all up again.

        However, it’s important to focus on the common thread that connects each big technology and infrastructure trend. The key thing in all this is that these changes have improved cross-functionality, communication, and collaboration across a business. So even if it feels a little like the latest trend is undoing something that’s already been done, in reality we’re moving forward and improving on what was there before.

      • Cloud Foundry insists Kubernetes transition still alive despite VMware’s retreat [Ed: By Microsoft Tim]

        VMware has stated that the Cloud Foundry-based Tanzu Application Service for Kubernetes did not meet its standards, but despite this Cloud Foundry Foundation said that its Kubernetes transition is alive and well.

        The terminology is confusing, especially as VMware calls all its developer platform stuff Tanzu, so bear with us. Tanzu Application Service (TAS) is the Cloud Foundry-based platform that does not use Kubernetes. TAS for Kubernetes is that platform adapted to run on Kubernetes. Tanzu Application Platform (TAP) is nothing to do with TAS, but is VMware’s latest effort to simplify deploying applications to Kubernetes.

    • Audiocasts/Shows

    • Kernel Space

      • RISC-V With Linux 5.16 Enabling Open-Source NVIDIA Driver As Part Of Default Kernel – Phoronix

        The RISC-V architecture updates were sent out on Friday for targeting the nearly-over Linux 5.16 merge window.

        The RISC-V updates for Linux 5.16 include support for RISC-V 32-bit “rv32″ randconfig kernel builds for random configurations to stress the build system / different code paths, supporting the time namespace in the VDSO, improving the XIP port, DeviceTree clean-ups, and more.

    • Applications

      • Top 10 Best Ubuntu Terminal Themes and Color Schemes

        In Ubuntu and other Debian-based distributions, the terminal shell is also known as the GNOME terminal, which was built under the original Gnome project. The terminal shell is written in the C programming language that can interact with the hardware and the kernel. Most Linux users keep using the default terminal shell with the original screen, scheme, and settings forever like they actually don’t want to make their Ubuntu look fashionable. However, as Ubuntu is a free and open-source OS, it totally allows you to customize the Ubuntu terminal settings with new themes, screens, fonts, styles, and other settings. Updating the terminal doesn’t only make the shell good-looking, but it can also help you to be more productive.

    • Instructionals/Technical

      • How to rebase to Fedora Linux 35 on Silverblue

        Fedora Silverblue is an operating system for your desktop built on Fedora Linux. It’s excellent for daily use, development, and container-based workflows. It offers numerous advantages such as being able to roll back in case of any problems. If you want to update or rebase to Fedora Linux 35 on your Fedora Silverblue system, this article tells you how. It not only shows you what to do, but also how to revert things if something unforeseen happens.

      • How to install and Configure Mariadb in Fedora 35

        MariaDB is an open-source one of the most popular relational database management system (RDBMS) that is a highly compatible drop-in replacement of MySQL. It is built upon the values of performance, stability, and openness, and MariaDB Foundation ensures contributions will be accepted on technical merit.

        MariaDB was developed as a software fork of MySQL in 2009 in response to Oracle’s acquisition of MySQL. MariaDB intends to remain free and open-source software under the GNU General Public License. It is part of most cloud offerings and the default in most Linux distributions.

        In this guide we will learn how to install and configure MariaDB in Fedora 35 Server/Workstation.

      • How To Install FreeIPA Client on Fedora 35

        In this article, we will learn how to install and configure freeipa client on Fedora 35.

        This integrations allow a System Administrator to conveniently configure the server centrally, on the FreeIPA server. When a management command is executed on the Client machine, the FreeIPA client sends it to the server where it is executed.

      • How to Install Microsoft Edge Browser on openSUSE Leap 15 – LinuxCapable

        openSUSE users currently, by default, are only limited to the Firefox Internet Browser. However, many alternatives can be installed. Microsoft Edge is one alternative that has been in development for over a year and has been getting quite a lot of good reviews amongst many Linux distribution communities and maybe an alternative compared to just switching to Google Chrome.

        In the following tutorial, you will learn how to install Microsoft Edge on openSUSE 15 Leap.

      • How to Find Which Package a File Belongs in Linux

        Linux package is a compressed file archive that contains all files belonging to specific applications. In some situations, you may need to find the package name belonging to a file.

        In this tutorial, we learn how to find which package a file belongs to in the Linux system.

      • How To Install TaskBoard on Debian 11 – idroot

        In this tutorial, we will show you how to install TaskBoard on Debian 11. For those of you who didn’t know, TaskBoard is a free, open-source, PHP-based, and self-hosted scheduling application that helps users to keep track of their important tasks. It provides a simple and user-friendly web interface for managing all your tasks. It is used by teams or organizations to represent work and its path towards completion.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of TaskBoard on a Debian 11 (Bullseye).

      • How to configure FreeIPA Replication on Rocky Linux/Alma Linux/Centos 8 – Citizix

        In this guide we will learn how to configure FreeIPA replication on Rocky Linux 8. This guide will also work for RHEL 8 derivatives like Alma Linux or Centos 8 or Oracle Linux 8.

        A replica is a clone of a specific FreeIPA server. The server and replica share the same internal information about users, machines, certificates, and configured policies. These data are copied from the server to the replica in a process called replication. The two Directory Server instances used by an FreeIPA server — the Directory Server instance used by the FreeIPA server as a data store and the Directory Server instance used by the Dogtag Certificate System to store certificate information — are replicated over to corresponding consumer Directory Server instances used by the FreeIPA replica.

      • Install Arkime (Moloch) Full Packet Capture tool on Debian 11 – kifarunix.com

        Welcome to our tutorial on how to install Arkime (Moloch) Full Packet Capture tool on Debian. Arkime, formerly known as Moloch “is a large scale, open source, indexed packet capture and search system“.

      • Creating a Horizon Linux Client, Part 1: Installing Ubuntu 20 Server

        Since the start of the pandemic, many companies have had to move a lot of their employees’ work from office to remote settings, which in turn has brought on a need for workers to have secure and manageable desktops. To address this, one of the solutions companies have utilized is virtual desktop infrastructure (VDI) technology, where the desktop is hosted securely in a datacenter and accessed via a client at a remote user’s location.

        VDI provides a wide range of clients that can be used: from zero or thin clients, to laptops and mobile devices running a VDI native client. Thin and zero clients are dedicated to only running the software to connect to remote desktops, while VDI native clients run as an application on top of Widows, Linux or other OSes.

      • How to install FL Studio 20 on a Chromebook with Crossover 21

        Today we are looking at how to install FL Studio 20 on a Chromebook with Crossover 21. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.

      • wp-k8s: WordPress on privately hosted Kubernetes cluster (Raspberry Pi 4 + Synology) – FoolControl: Phear the penguin

        Blog post you’re reading right now is privately hosted on Raspberry PI 4 Kubernetes cluster with its data coming from NFS share and MariaDB on a Synology NAS. Purpose of this post is to serve as an ultimate guide on how to build a (prod ready) RPI k8s cluster and deploy WordPress CMS to it. Also don’t worry if you don’t have a Synology device, as I’ll explain how to use alternative solutions to achieve the same result in terms of storage and accessibility.

      • What is object storage? | Ubuntu

        Object storage has by far the most simplistic interface out there, with no need for complicated SCSI drivers, HBA drivers, multipathing tools, or volume managers embedded into your Operating System. All you need to do is point your application at an HTTP endpoint, and use a simple set of verbs to describe what you want to do with a piece of data.

        Do you want to PUT it somewhere for safekeeping? Do you want to GET it so that you can do some work with that piece of data? Or do you want to LIST the contents of your bucket?

        Perhaps these three verbs are an oversimplification of what is possible with object storage, but this is loosely where cloud object storage began. It was an initiative to make storage more economical by removing proprietary technologies and creating a simple scalable storage solution, without the complexities of legacy technologies.
        Uses of Object Storage

        Firstly, when building a new application, you will need to build it with object storage in mind. Instead of relying on cluster-aware filesystems and quorum devices, the application will need to handle failover and data consistency itself to remain available during hardware failures. Alternatively, many off the shelf applications now have native deployment models for working with cloud native infrastructure, and most importantly with object storage. When your application has finished processing or creating a piece of data, it can be written to an object store for safekeeping, and can easily be retrieved as and when needed.

        We can even use object storage buckets to trigger events. Imagine the scenario where you have a mobile app that uploads photos or video, and then some processing happens, before publication. Once a photo or video is uploaded to an object store, an event is triggered to let your application know that there is a new object to be processed. And once that object has been processed the output could be written to a bucket that triggers another job to push it to your Content Distribution Network (CDN).

      • jmtd → log → Frictionless external backups with systemd

        Here’s a description of how my monthly external backups are managed at a technical level. I didn’t realise I hadn’t written this all down anywhere yet.

    • Wine or Emulation

    • Games

      • Developing for Steam Deck without a Dev-Kit

        At this point we’ve sent hundreds of dev-kits out to developers around the world, and are still shipping out more – but we unfortunately will be unable to serve the entire Steam developer community. There are ways around this though, and it is possible to develop for Steam Deck without a dev-kit, with the hardware you have available to you.

        As an aside, the dev-kits that we are sending out are just prototypes of retail units. There isn’t anything special or different about them, no extra hardware or software that make them easier to develop for. So you really can just use available hardware to get a pretty accurate idea of how your game will run on Steam Deck. So let’s go through testing methods point-by-point using the main items our Deck Verified testers will be looking for.

      • Lilbits: Developing for the Steam Deck, Android 12 for the Raspberry Pi, Windows 11 Android app compatibility – Liliputing

        Unfortunately the same supply chain shortages that led Valve to push back the ship date for Steam Deck customers means that dev kits are in short supply. So the company has released some suggestions for developers that want to test their games on similar hardware either by using their own computer or assembling one with an AMD Ryzen processor, Radeon Vega graphics, and Arch Linux-based software.

      • Manjaro Linux, the best alternative to Windows to play on Linux

        Windows 11 has been released, but the latest Microsoft system, far from meeting expectations, has ended up casting doubts due to its requirements and the problems that were initially detected with the AMD processors. Seeing that the Redmond giant is obsessed with putting up barriers, it may be time to start considering changing its technology for another that gives you more freedom.

        When we talk about alternatives to Windows on compatible PCs, we always find the same option: Linux . And yes, this article is yet another one that invites you to replace Microsoft’s system with that of the penguin, but this time we are going to propose a distribution that can come in handy for those who are compulsive gamblers: Manjaro.

        Manjaro is a fairly well-known distribution. Based on Arch Linux, it is also a rolling release , but contrary to the system from which it derives, Manjaro is very user-friendly, so much so that just installed it already brings everything you need to start using Steam.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • This week in KDE: Primarily Centered Hamburgers

          This week brings several exciting and long-awaited changes, including KHamburgerMenu in Okular, Primary Monitor on Wayland, and Centered window placement by default! Read on to find out the details…

          Keep in mind that this blog only covers the tip of the iceberg! Tons of KDE apps whose development I don’t have time to follow aren’t represented here, and I also don’t mention backend refactoring, improved test coverage, and other changes that are generally not user-facing. If you’re hungry for more, check out https://planet.kde.org/, where you can find blog posts by other KDE contributors detailing the work they’re doing.

        • KDE Lands More Plasma Wayland Fixes, Other Enhancements For Plasma 5.24

          Like clockwork KDE developer Nate Graham is out with his weekly development summary each Saturday highlighting the accomplishments of this free software desktop project.

          It’s been another busy work in KDE land, especially with the continuous efforts around improving the Plasma Wayland session.

        • KDE Frameworks 5.88 Arrives to Make the Plasma Desktop Faster and More Enjoyable

          KDE Frameworks 5.88 is here to further improve your Plasma desktop environment and favorite KDE apps by fixing bugs or implementing new features. It also makes the Plasma desktop environment a bit faster and to use less memory every time it loads an icon, as well as when accessing files when the system’s /etc/fstab file contains entries identified with UUID and/or LABEL properties.

          With this update, the Plasma desktop now saves any changes you made in Edit Mode when you exit it, the Plasma Wayland session now lets you paste arbitrary clipboard content into a file and no longer crashes when you repeatedly hover and un-hover Task Manager’s thumbnails, and you can now double-click on a Plasma spinbox’s number to select it.

        • KDE Ships Frameworks 5.88.0 – KDE Community

          KDE today announces the release of KDE Frameworks 5.88.0.

          KDE Frameworks are 83 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the KDE Frameworks release announcement.

          This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner.

      • GNOME Desktop/GTK

        • Cassidy on GNOME, Themes, and More

          Recently there’s been a lot of discussion within the open source desktop space about GNOME, LibAdwaita, and the future of “theming” on GTK-based platforms like GNOME and elementary OS. To help distill this information, Nick from The Linux Experiment interviewed elementary co-founder and CXO Cassidy James Blaede for his recent The FACTS about GNOME’s plans for THEMES video.

          Below are the questions provided by Nick and Cassidy’s answers, lightly edited for spelling, grammar, and formatting. We hope they help share a bit of perspective on this topic!

        • #18 Delicious toasts

          Update on what happened across the GNOME project in the week from November 05 to November 12.

    • Distributions

      • New Releases

        • Septor 2021.5

          System upgrade from Debian Bullseye repos as of November 12, 2021
          Update Linux kernel to
          Update Tor Browser to 11.0
          Update Thunderbird to 78.14.0-1
          Update tor to

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

        • Bluemail » PCLinuxOS

          BlueMail by Blix a free, beautifully designed, universal email app, capable of managing an unlimited number of mail accounts from various providers, allowing for smart push notifications and group emailing while enabling personalization across multiple email accounts. Updated to version 1.1.119.

        • Palemoon Browser » PCLinuxOS

          Pale Moon is an Open Source, Firefox-based web browser available for Linux, focusing on efficiency and ease of use. Make sure to get the most out of your browser! Updated to version

      • IBM/Red Hat/Fedora

        • Fedora Linux 35: Fresh Gnome desktop and new KDE edition

          The Fedora developers have released a new version of their Linux distribution. In Fedora 35, they worked intensively on stabilizing changes that had already been implemented in earlier versions – such as the “Pipewire” sound server introduced with Fedora 34 as a replacement for PulseAudio.

          Gnome makes the step to version 41 as the primary desktop environment of this distribution, whereby its package management “Gnome-Software” now, if not all, integrates the most popular Flatpak packages from flathub.org via an additional repository. The “systemd-resolved” service, which has been responsible for name resolution for network connections since Fedora 33, has the ability to deal with “DNS over TLS” (DoT).

          Another novelty: Fedora “Kinoite”, a modularized Linux system that maintains system partitions in read-only mode and updates them separately from installed applications.

        • Fedora 35 Workstation Review – A World-Class Desktop with A Few Glitches

          Fedora 35 released a while back. And we feel this is the right time to have a quick review of the Fedora 35 Workstation edition.

        • AlmaLinux Community Delivers Third Stable Linux Release Within 48 Hours of Upstream Red Hat Enterprise Linux 8.5

          AlmaLinux OS Foundation, the nonprofit that stewards the community owned and governed open source CentOS alternative, today announced delivery of its third stable release within 48 hours of general availability of the upstream Red Hat Enterprise Linux® (RHEL) 8.5 release. AlmaLinux 8.5 has full feature parity with RHEL’s newest release including improvements that make it easier for DevOps teams to manage containerized workloads, as well as updated programming languages and security and compliance tools.

          “The AlmaLinux community is highly motivated to deliver stable releases in sync with the RHEL release timeline to promote stability and continuity for those managing production workloads on AlmaLinux,” said Jack Aboutboul, community manager for AlmaLinux. “As CentOS Linux comes to end of life this year, we aim to deliver the same high degree of quality, robustness, and timeliness end users would expect from a CentOS successor to provide a free and reliable, enterprise-grade Linux alternative.”

        • Top new features in Fedora Workstation 35

          Finally, the wait for the official release of Fedora Workstation 35 is over! The official stable release was made available for download after being pushed back to resolve some outstanding bugs.

          The wait was definitely worth it! True to Fedora foundations of “First” & “Features,” the release includes the new GNOME 41, updated developer tools, new programming languages, new power management profiles, parental controls, and improvements in the management of other third-party apps. The release cycle also includes Fedora Kinoite, a new edition based on Fedora Silverblue’s OSTree technologies. In addition, the edition features the KDE Plasma desktop.

          This article is a description of the new features and improvements in Fedora Linux 35.

        • Kyndryl spins out of IBM, stock starts trading on NYSE – and shares tumble [Ed: Kyndryl already collapses, but maybe IBM planned it all along; anything to prevent the appearance that IBM itself is collapsing[

          IBM has finally cut loose its multi-billion-dollar managed infrastructure business, renamed to Kyndryl, sending 90,000 staffers into a life that is less big and less blue.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Good Governance: OSPO Alliance Announces Handbook for Open Source Projects – Market Research Telecast [Ed: These groups champion openwashing, by maybe that's just what Open Source became. Automated translation from German.]

        The OSPO Alliance, consisting of four non-profit open source organizations, has published the first version of the Open Source Handbook of Good Governance. OW2, the Eclipse Foundation, the OpenForum Europe and the Foundation for Public Code have jointly developed the manual as part of their good governance initiative. It offers know-how for introducing a professional management of open source software in organizations.

      • Productivity Software/LibreOffice/Calligra

        • This “month” in Calligra #1

          In the past years, Calligra has not been very active. Since a few months, we are trying to improve the situation and come back. We need great office suites. We need components we can reuse in our applications. We need a Plasma-mobile document viewer. This is what Calligra can be, this is what Calligra will be.

          In order to show what is happening in the project, we will try to write monthly activity reports. Since it is the first one, it will convey the changes of the whole year.

          The whole suite received huge code modernization. We were still using old constructions (especially old style connect) that are slower or less safe than new ones. Thanks to clazy and patience, a lot of these are gone now. We also started upgrading our minimum requirements in order to anticipate the future Qt 6 migration, with further upgrades in the pipe. As a side effect (and also some additional work), the compiler is complaining much less than before.

          We also have some more specific changes in the various suite components, listed below.

        • Start of linked paragraph and character styles in Writer

          Writer now has the start of linked character and paragraph styles. This improves DOCX compatibility, extends ODT and it’ll improve the style previews and the UI in the future, hopefully.

      • Content Management Systems (CMS)<

        • State of the Word 2021

          Mark your calendars; it’s almost time for State of the Word 2021!

          State of the Word is the annual keynote address delivered by the WordPress project’s co-founder, Matt Mullenweg. Every year, the event allows us to reflect on the project’s progress and the future of open source.This year will include that and more.

          Due to the pandemic, we moved the State of the World online for the first time ever in 2020. This year, the event will be livestreamed from New York City .That will enable us to take as many folks as possible along for the ride!

          Join Matt as he provides a retrospective of 2021, discusses the latest trends he’s seeing, celebrates the community’s amazing wins, and explores the future. Expect to hear about a range of topics, from WordPress 5.9 and Openverse to Web3 and non-fungible tokens (NFTs).

      • Education

        • This year’s Aaron Swartz Day and International Hackathon will be virtual – and streamed on YouTube.

          Date: November 13, 2021
          Time: 10 am – 6pm PST

        • Remembering Aaron Swartz: Aaron Swartz Day 2021

          Aaron Swartz was a digital rights champion who believed deeply in keeping the internet open. EFF was honored to call him an ally and friend. His life was cut short in 2013, after federal prosecutors charged him under the Computer Fraud and Abuse Act (CFAA) for systematically downloading academic journal articles from the online database JSTOR. With the threat of a long and unjust sentence before him, Aaron died by suicide at the age of 26.

          He would have turned 35 this year, on November 8.

          Aaron’s death laid bare how federal prosecutors have abused the CFAA by wielding it to levy heavy penalties for any behavior they don’t like that happens to involve a computer, rather than stopping malicious computer break-ins. EFF has continued to fight its misuses, including filing a brief in a recent Supreme Court case, Van Buren v. United States, in support of computer security researchers. In a victory for all internet users, the court recognized the danger of applying this law too broadly, and rejected the U.S. government’s broad interpretation of it.

      • FSF

        • Licensing/Legal

          • Vizio sued for breach of Copyleft Open-Source Software License

            On October 19, 2021, the Software Freedom Conservancy (SFC) sued Vizio, Inc. for alleged violations of the GNU General Public License covering software incorporated into certain Vizio smart TVs.

            Use of open-source software has become increasingly popular in the development of proprietary commercial computer software, including software embedded in hardware devices such as consumer electronic devices. Open-source software can provide important and useful functionality, and is increasingly used by developers to reduce development time.

            The licensing models under which open-source software is made available can be thought of as falling into two broad categories: permissive licenses and copyleft licenses. Permissive open-source licenses typically do not create significant obstacles to incorporating the open-source software into proprietary commercial software products. Copyleft licenses, however, can be extremely problematic for developers of proprietary software and hardware. The terms of such licenses may require that, if any software that incorporates or otherwise interacts with the open-source software and is distributed, then the distribution of such modified software is governed by the same copyleft license. For this reason, some refer to these types of open-source licenses as “viral”. This term is intended to refer to the licenses’ effect of capturing (some use the term “infecting”) an ever-growing amount of software code.

      • Openness/Sharing/Collaboration

        • Open Access/Content

          • 420 ways to teach “Pigs For The Ancestors”

            Pigs for the Ancestors is an iconic ethnography, taught for decades in introductory courses and graduate seminars alike. Rapport’s theoretical ambition, the richness of highland PNG life, the detail in the ethnography — it all works together to produce an ethnography whose life has exceeded its sell-by date for decades. And now, the University of California San Diego provides 420 new ways to teach it: a massive, open access collection of 420 photos taken by Roy Rappaport across the course of his career.

          • Roy Rappaport Collection

            Photographs and sound recordings taken by American anthropologist, Roy A. Rappaport (b. 1926 – d. 1997), documenting research in the highlands of Papua New Guinea, where he studied the social life, rituals and ecology of the Maring-speaking people, particularly those belonging to the Tsembaga clan cluster living in the Simbai Valley of Madang Province. The photographs include agricultural practices, material culture such as house and bridge-building, and a year-long ritual cycle. Pig sacrifices, dance and music, ceremonial exchange, and elaborate feather headdresses and wigs are among the topics portrayed. Also included are photographs taken in the Adelbert Range of Madang Province, and images created in the context of archaeological work in 1960 in French Polynesia, particularly on Moorea and Tahiti.

            The sound recordings were made during his fieldwork and are arranged in two groups. A) Reel-to-Reel: 16 recordings made during Rappaport’s 1962-1963 fieldwork in New Guinea documenting linguistic exercises, Maring dialogue, recording instructions, chanting, drumming, and singing. B) Audio Cassettes: 29 cassette tapes recorded during Rappaport’s 1981-1982 fieldwork in New Guinea. These tapes document court cases, religious ceremonies, popular songs, and interviews. The sound recordings were digitized through support by a Recordings at Risk grant from the Council on Library and Information Resources (CLIR). The grant program is made possible by funding from The Andrew W. Mellon Foundation. Sound recordings are available upon request and registration.

      • Programming/Development

        • Computers Use Processes, So Should You – LinuxInsider

          Pseudocode quality correlates with project quality. The key to good pseudocode is getting as granular as possible. This is called “decomposition.”

          To understand, let’s take a real-world example: if someone instructed you to cook a pot of spaghetti, you’d probably know what to do from past experience. When we think about it, however, this task is composed of about a dozen assumed steps. You need to get a packet of pasta, get a pot big enough for it, fill the pot with water…you get the idea.

          When composing pseudocode, you must break your process down into these small, seemingly obvious steps. That’s because you’re doing something new and complex instead of habitual and simple. Once you decompose your process into its smallest parts, your granularity is just right.

          There is a syntactic element that should be addressed, too.

          Each one of your atomic steps should have its own line. Also, make your conditional and looping steps stand out. Typically, this is done using indentation.

          For conditional statements, put the condition to be tested on the same level of indentation as the line above (unless it’s a loop or another conditional statement), and indent each step to be taken on satisfying that condition underneath it.

          For looping statements, put the condition under which the loop iterates on the same level of indentation as the line above (unless it’s a conditional statement or another loop), and indent each step to be executed per iteration underneath it.

        • Perl/Raku

          • I made a calculator

            I created a very basic calculator using wxGlade and the Wx Perl module on CPAN.

    • Standards/Consortia

      • Fun multipart/form-data inconsistencies

        I still remember the RFC number off the top of my head for the first multipart formdata spec that I implemented support for in curl. Added to curl in version 5.0, December 1998. RFC 1867.

        Multipart formdata is the name of the syntax for how HTTP clients send data in a HTTP POST when they want to send binary content and multiple fields. Perhaps the most common use case for users is when uploading a file or an image with a browser to a website. This is also what you fire off with curl’s -F command line option.

        RFC 1867 was published in November 1995 and it has subsequently been updated several times. The most recent incarnation for this spec is now known as RFC 7578, published in July 2015. Twenty years of history, experiences and minor adjustments. How do they affect us?

        I admit to having dozed off a little at the wheel and I hadn’t really paid attention to the little tweaks that slowly had been happening in the multipart formata world until Ryan Sleevi woke me up.

      • Netflix Expands Support For Open Source AV1 Codec To Deliver Better Quality Video For These TVs

        AV1 is a high-efficiency, open-source video codec format that has a royalty-free license from Alliance of Open Media (AOMedia). Netflix is a founding member of AOMedia and one of its key contributors to its development of AV1. It began delivering AV1 in 2020 to its Android mobile app, which delivered improved viewing experiences for its members.

  • Leftovers

    • The Silence of the Fairlambs
    • The Mystery to the Solution

      His most recent work, titled Tokyo Redux, maintains the standard his previous work has set. The final novel of the Tokyo Trilogy, Tokyo Redux is a tale about the investigation of one of Occupied Japan’s most notorious murders. Still unsolved to this day, the murder of the President of the Japan National Railways Shimoyama riveted the devastated-but-recovering nation of Japan in 1949. Found in several pieces after being struck by a train, Shimoyama’s death came while the railway workers union was up in arms because Shimoyama had been specifically appointed to lay off over one hundred thousand members of their union. The primary reason behind this move was the desire of the Occupation forces to destroy the union and, ideally, to privatize at least some elements of the public transit system in Japan. In other words, classic moves by the Pentagon and its corporate affiliates in a defeated and occupied nation. Naturally, the attack on the railway workers union enhanced the position of the communists in the union and throughout the country; a position that was already fairly strong given the uncertain political situation in most of Asia after the war. Of course, the right-wing elements among the US officers heading up the Occupation saw the communist workers not as workers angry at losing their jobs, but as tools of the Soviet empire intent on provoking a violent overthrow of the US and other anti-communist elements then ruling Japan.

      In what can best be termed a classic David Peace narrative structure, the book is divided into three sections. The first is told through the eyes of Harry Sweeney, a police officer working as part of the US Occupation’s Public Safety Division. Sweeney is a classic detective, attentive to details, wary of the story being thrust on him by is superiors and skeptical of the media’s investigations. Sworn to detail and determined to seek the truth, his use of alcohol is both a salve and a trigger for violence. As the story reveals itself, it becomes clear he is running from something and someone in the States—a woman and a relationship that at the least confuses him. He makes friends among those he questions and uses his gangland connections to gather knowledge from those in the know who won’t talk to cops. Besides the reactionary military officers is a considerably more sinister element at work. Once known as the Office of Strategic Services (OSS), they have morphed into the Central Intelligence Agency (CIA). Their mastery of subterfuge and subversion is just getting started. Sweeney knows there is someone who wants the world to believe Shimoyama’s death was a suicide, but he does not know who that is. Nor does he know who did kill him. His last words to his driver are “I’ll be back in five minutes.”

    • Opinion | Maternal Instinct Protecting Our Children’s Lives—An MSNBC Premiere Documentary

      Our country’s landscape is dotted with toxic Superfund sites that impact the health and wellbeing of the lives of surrounding communities every day. These sites result from the disregard, neglect, malfeasance, capture and abuse by government agencies and corporations while under their stewardship. If and when these sites are cleaned up, it is only through the dogged efforts of local activists who make it happen. 

    • Tangled in Blue
    • Canadian Telecom Giant Rogers Mired In Bizarre Executive Power Feud That Began With A Butt Dial

      You might remember Canadian telecom giant Rogers. The company routinely found itself in the headlines for all the wrong reasons during the net neutrality wars, after it repeatedly tried to abuse its gatekeeper power to disadvantage other companies. Rogers is like most heavily consolidated regional telecom monopolies: a lack of competition or competent regulatory oversight both created and protects the company thanks to relentless lobbying. As a result, the company never is really challenged, and is consistently allowed to mindlessly merge and grow larger and larger and larger as harms are dismissed.

    • Johnson & Johnson to split into 2, aim for faster growth

      The company said Friday that it will separate its segment that sells Band-Aids, Listerine and over-the-counter medicines like Tylenol from its pharmaceutical and medical device business.

    • Science

      • Exploring The Healing Power Of Cold Plasma | Hackaday

        It probably won’t come as much surprise to find that a blast of hot plasma can be used to sterilize a surface. Unfortunately, said surface is likely going to look a bit worse for wear afterwards, which limits the usefulness of this particular technique. But as it turns out, it’s possible to generate a so-called “cold” plasma that offers the same cleansing properties in a much friendlier form.

        While it might sound like science fiction, prolific experimenter [Jay Bowles] was able to create a reliable source of nonthermal plasma for his latest Plasma Channel video with surprisingly little in the way of equipment. Assuming you’ve already got a device capable of pumping out high-voltage, all you really need to recreate this phenomenon is a tank of helium and some tubing.

    • Hardware

      • Using VHDL To Generate Discrete Logic PCB Designs | Hackaday

        VHDL and Verilog are hardware description languages, used to describe and define logic circuits. They’re typically used to design ASICs and to program FPGAs, essentially using software to define hardware. However, [Tim] has done something altogether quite creative, creating tools to take VHDL and Verilog and spit out PCB designs for discrete logic.

        Yes, you read that correctly. The basic idea is to take VHDL source code, and then make a PCB layout that implements the desired logic using resistor-transistor logic. From there, the PCB design files can be shipped off to a manufacturer for pick-and-place assembly at a fraction of the cost of producing a bespoke ASIC.

      • A Guide To Designing A Custom RC Controller | Hackaday

        These days, there are tons of RC controllers out there of all shapes and sizes. However, if you want to build something with just the right amount of buttons and sticks for your application, you might want to design something yourself. That’s precisely what [Sebastian] did.

        The project actually began some time ago, with [Sebastian] sharing his process for building a custom ergonomic enclosure through the use of clay and photogrammetry, which we’ve covered before.

    • Health/Nutrition/Agriculture

      • Making Cannabis Safe for Capital

        The show began with a video welcome from Attorney General Rob Bonta. Introducing the clip, Gieringer described Bonta as “one of the state officials who have done so much over the years to help make Prop 215 actually work.” That blunt assertion was antithetical to the POV of Dennis Peron, the prime mover, who made futile trips to Sacramento in the years after 215 passed to testify against the “enabling legislation” by which Democratic politicians from State Sen. John Vasconcellos to Jerry Brown to Gavin Newsom and Rob Bonta have effectively modified the measure. According to Dennis, all that was needed to make Prop 215 work was for Law Enforcement to respect the letter and spirit of the law.

        A co-author who agreed with Dennis, Dr. Tod Mikuriya, has been gone since 2007. So the Prop 215 origin story presented at Fort Mason was one-sided, except for a video statement by Dennis that his friend Davie Smith recorded in late ’95.

      • Opinion | American’s Very Big (Water) Drinking Problem

        Think of it this way: what we don’t know will hurt us. And water—yes, water—is an example of just that. Even at a time of such angry political disputes, you might imagine that, in a wealthy country like the United States, it would still be possible to agree that clean water should be not just a right, but a given. Well, welcome to America 2021. 

      • Documents Expose ‘Staggering Pattern of Political Interference’ in Trump’s Covid-19 Response

        Documents released Friday reveal how in early 2020 the Trump administration downplayed the deadly danger posed by the nascent Covid-19 pandemic, silencing and sidelining top health officials who tried to warn the public and destroying evidence of political interference while issuing rosy declarations that the outbreak was “totally under control” and would soon be over.

        “The Trump administration’s use of the pandemic to advance political goals manifested itself most acutely in its efforts to manipulate and undermine CDC’s scientific work.”

      • Norway to reinstate national measures to combat Covid-19

        Local restrictions had reappeared in recent days in Norway, with daily cases at around 1,500 in a country of 5.4 million people.

        Europe is facing a sharp deterioration in the epidemic situation, especially in Germany and central and eastern Europe. Non-vaccinated people are the most affected.

        The World Health Organization has warned that Europe is once again the “epicentre” of the pandemic.

    • Integrity/Availability

      • Proprietary

        • Security

          • Native Tribal Casinos Taking Millions in Ransomware Losses
          • Schools email marketing firm fixes database login leak • The Register

            An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website.

            Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company which spotted the flaw when the infoseccers tried to draw its attention to the problem.

            An email shown to The Register by Pen Test Partners, described by the firm’s consultant Andrew Tierney as “the most arrogant response I’ve ever had to a disclosure,” said the company wasn’t interested in hearing about the vulnerability.

          • Mystery deepens over Labour Party data breach amid silence • The Register

            Labour’s main website at labour[.]org[.]uk appears to be a WordPress CMS running a custom frontend theme built by an American company called Wide Eye Creative. We have asked Wide Eye whether it has suffered a cyber attack within the last month and will update this article if we hear back from the firm.

            We have also asked Nationbuilder, a popular vertically integrated website and political campaigning tool, whether it suffered any data breach affecting Labour members’ data within the last month.

          • ManageEngine service vulnerability exploited – again • The Register

            Palo Alto Networks’ Unit 42 research team has said criminals using tools accompanied by Chinese instructions gained access to high-interest networks and stole passwords after exploiting at least 370 password management services in the US.

            “As early as September 17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet,” wrote Unit 42. “Subsequently, exploitation attempts began on Sept. 22 and likely continued into early October.”

          • Ukrainian cuffed, faces extradition to US for allegedly orchestrating Kaseya ransomware infection [Ed: This impacts Microsoft Windows, but you would not know this is you read The Register]

            In a major ransomware bust US and European authorities on Monday announced separate but related indictments and arrests linked to extortionware attacks on IT service provider Kaseya and other firms.

          • 14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

            Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution.

            The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty said in a joint report.

            Dubbed “the Swiss Army Knife of Embedded Linux,” BusyBox is a widely used software suite combining a variety of common Unix utilities or applets (e.g., cp, ls, grep) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs).

          • Privacy/Surveillance

            • EFF to Supreme Court: Warrantless 24-Hour Video Surveillance Outside Homes Violates Fourth Amendment
            • Apple Has Listened And Will Retract Some Harmful Phone-Scanning

              That’s good news. As we’ve previously explained, this feature would have broken end-to-end encryption in Messages, harming the privacy and safety of its users. So we’re glad to see that Apple has listened to privacy and child safety advocates about how to respect the rights of youth. In addition, sample images shared by Apple show the text in the feature has changed from “sexually explicit” to “naked,” a change that LBTQ+ rights advocates have asked for, as the phrase “sexually explicit” is often used as cover to prevent access to LGBTQ+ material. 

              Now, Apple needs to take the next step, and stop its plans to scan photos uploaded to a user’s iCloud Photos library for child sexual abuse images (CSAM). Apple must draw the line at invading people’s private content for the purposes of law enforcement. As Namrata Maheshwari of Access Now pointed out at EFF’s Encryption and Child Safety event, “There are legislations already in place that will be exploited to make demands to use this technology for purposes other than CSAM.” Vladimir Cortés of Article 19 agreed, explaining that governments will “end up using these backdoors to … silence dissent and critical expression.” Apple should sidestep this dangerous and inevitable pressure, stand with its users, and cancel its photo scanning plans.

              Apple: Pay attention to the real world consequences, and make the right choice to protect our privacy.

            • Reg reader returns Samsung TV after finding giant ads splattered everywhere

              A Register reader triggered a kerfuffle for Samsung after asking the electronics biz if he could disable large and intrusive adverts splattered across his new smart TV’s programme guide.

              Ross McKillop bought the telly from UK retailer John Lewis but felt distinctly undersold when he turned it on to find the internet-connected device displaying advertising on its electronic programme guide menu.

            • How digital technology helped support Ghana’s COVID response [Ed: Shilling mass surveillance as health is the autocrat's propaganda]

              Real-time surveillance of reported COVID infections has been key to the global pandemic response. Many tools, devices and apps have been used to support surveillance. China, South Korea and Malaysia developed some early in the pandemic and many others were created by other countries later on.

              Some of these platforms will also have a role to play in a post-pandemic world. Enhancements in digital technology, mobile phone networks, and the potential in telehealth systems could help reshape what healthcare looks like in resource-poor settings.

            • Philippines’s passport application site leaks personal info • The Register

              The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked.

              “The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice on the DFA website. “An internal audit will also be conducted to prevent similar incidents from happening in the future.”

              The Philippines requires citizens to use the site, which launched only a couple of months ago, to apply for a passport – walk-in applications are allowed only under exceptional circumstances. However, at time of writing, the tracker is returning a 404 error. Citizens therefore have no way knowing when or if passports will be approved and/or dispatched.

    • Defence/Aggression

      • There’s No Second Amendment on the South Side of Chicago

        I have been close to gun violence my entire life. Growing up on the South Side of Chicago, I’ve seen my classmates carry firearms to keep themselves and their families safe from harm. And I later represented some of those same individuals in court—being prosecuted for firearm possession—when I started work as a public defender.

      • Bitter Belated Afghan Vindication

        I wrote numerous articles for FFF on the Afghan war. My first article, “Drug Laws: Terrorists Best Friends,” in February 2002, attacked the Bush administration for perpetuating the war on drugs while promising to rid the world of terror. That article noted:

        Afghanistan produces about 70 percent of the world’s opium. Revenue from opium production helped finance both the Taliban government (until production was banned) and the al-Qaeda terrorist network. Because narcotics are illegal, they tend to attract violent, ruthless people and organizations to carry out their production and marketing. The only reason that opium is more profitable for terrorists than beer is that governments criminalize the possession and distribution of opium while tolerating the possession and distribution of beer.

      • Let’s Just be Honest and Call November 11 Forgetting Day

        The four-year war, fought not to “defend democracy” as our national mythology tells us, but as a cat-fight among colonial empires fighting for bigger shares of each other’s collapsing empires, ended up killing 10 million soldiers (116,000 of them US troops, who only entered that war during its final year) and wounding another 20 million — many of them grievously.

        As the first “modern” war, fought with industrial-scale killing machines and weapons like machine guns, tanks, enormous cannons, aerial bombings of cities, and the use of various types of poison gas, it also caused millions of civilian deaths.

      • Revolutionary Front Seizes Haiti’s Largest Fuel Terminal as US Weighs Military Intervention

        Update: As this article went to publication, Jimmy Cherizier announced a temporary lifting of the FRG9’s blockade on the Varreux gas terminal for a one week period, deeming it a “truce for a week of reflection.” The truce will end on November 18, 2021, the anniversary of the Battle of Vertières, which marked the end of Napoleon’s bid to restore slavery in Haiti. Cherizier laid out nine demands; among them was Acting Prime Minister Ariel Henry’s resignation, the withdrawal of police forces from neighborhoods controlled by the FRG9, and the return of gasoline to its pre-blockade price. The government is unlikely to fulfill any of the demands, portending a resumption of the stand-off at the Varreux terminal following the anniversary.

      • Ilhan Omar Unveils Resolution to Block ‘Unconscionable’ Saudi Arms Sale

        Rep. Ilhan Omar unveiled a resolution Friday aimed at blocking a Biden administration-approved sale of $650 million worth of missiles and other military equipment to the Saudi government, which has been bombing Yemen—often with U.S. weaponry—since 2015.

        “Congress has the authority to stop these sales, and we must exercise that power.”

      • Bolivian President Luis Arce on Country Recovering from US-Backed Coup & Latin American Unity
      • East Timor Massacre Remembered: U.S.-Armed Indonesian Troops Killed 270 Timorese 30 Years Ago Today

        Today marks the 30th anniversary of the Santa Cruz massacre in East Timor, when Indonesian troops armed with U.S. M16s fired on a peaceful memorial procession in the Santa Cruz cemetery in Dili, killing more than 270 East Timorese. Indonesia had invaded East Timor in 1975 and maintained a brutal occupation until 1999, when East Timorese voted overwhelmingly for independence in a United Nations referendum. The massacre on November 12, 1991, sparked widespread outrage against the Indonesian government led by dictator General Suharto, a staunch U.S. ally, and marked a turning point in international public opinion. We play an excerpt of “Massacre: The Story of East Timor,” a 1992 documentary produced by Amy Goodman and Allan Nairn, who witnessed and survived the killings after being severely beaten by Indonesian troops.

      • Germany’s Neo-Nazi Death Squad: NSU and NSU 2.0

        The 150 page report talks about Neo-Nazis engaging in military-style war games. These self-appointed killer squads are furnished with weapons, explosives, armory, etc. One reported list includes secret locations for shooting and killing practices in the state of Hessen, where Neo-Nazis like to use remote forests. Yet, German Neo-Nazis also conducted such killing practices with their associates in Switzerland and the Czech Republic. Years ago, some of these Neo-Nazi gatherings laid the foundation for what was going to come: the NSU-network, that killed ten people: nine migrants and one policewoman.

        Today, we know – and comes to know that despite what the government and much of Germany’s media have told us – that the NSU was not only three people. The NSU-network was never just Uwe Mundlos, Uwe Böhnhardt and Beate Zschäpe, as German officials have liked to pretend for years. Instead, the NSU has always been a network of enablers, supporters, weapon suppliers, drivers, employers, financiers, hideout providers, ideology purveyors, etc. The NSU’s killings were made possible by a substantial network of Neo-Nazis. Some people estimated the immediate NSU-network to consist of is up to 130 hard-core Neo-Nazis.

      • Beneath the Rittenhouse trial: Grim truths about the state of America

        Vigilantism, extrajudicial killings by federal authorities, violent insurrections, threats and harassment of public officials, and rejection of election results and the democratic process are all hallmarks of authoritarian movements. Coddling the gun fetishists and allowing right-wing extremism to fester over many years has brought us to the point when we must ask ourselves if we’re no longer a country where politics is war by other means — it’s just plain old war.

      • Republican Lawmakers Are Now Getting Death Threats Over … Infrastructure Legislation

        Welcome to the state of affairs in 2021’s MAGAfied GOP, where House Republicans who voted for a bipartisan infrastructure bill find themselves on the receiving end of death threats.

      • Meanwhile, Steve Bannon Is Reminding Everyone That the Right Is Very Much Trying to Destroy Democracy

        Steve Bannon was criminally charged on Friday for defying a subpoena issued by the House committee investigating Jan. 6. The charges were announced not long after Bannon very emphatically reminded listeners of his War Room podcast that the he and the right are trying to do away with democracy by “taking over elections” and overturning Trump’s loss last November.

      • Trump ally Steve Bannon indicted for contempt of Congress over Jan. 6 probe subpoena

        Bannon faces two criminal counts for refusing to provide documents and testimony to the House lawmakers probing the Jan. 6 Capitol invasion.

      • Steve Bannon charged with contempt of Congress

        He was summoned to testify on what he knew about plans for the protest that ended with the storming of Congress.

        The House of Representatives voted last month to send the case to the justice department, which opted on Friday to prosecute Mr Bannon, 67.

        He could face up to a year in prison and a $100,000 (£74,500) fine.

        Trump supporters raided the US Congress building on 6 January as lawmakers were meeting to certify the election result.

      • ‘Hugely Significant, and Entirely Appropriate’: Bannon Indicted for Defying House Subpoena

        The U.S. Justice Department revealed Friday that Steve Bannon was indicted by a federal grand jury on two counts of contempt of Congress after failing to comply with a subpoena issued by the House panel investigating the January 6 attack on the Capitol.

        “Steve Bannon’s indictment should send a clear message to anyone who thinks they can ignore the select committee or try to stonewall our investigation: No one is above the law.”

    • Environment

      • Migration
      • Activists Slam ‘Weasel Words’ in New COP26 Text as Negotiators Water Down Climate Deal

        Climate advocates warned Friday that “the fingerprints of the fossil fuel industry” are all over a COP26 draft decision text released in the waning hours of the summit in Glasgow, Scotland, where campaigners and scientists have implored world leaders to take ambitious steps to curb planet-warming emissions.

        The new text—released on the last official day of a conference swarming with oil and gas lobbyists—dampened lingering hopes of a firm international commitment to phase out the use of fossil fuels, the primary driver of the global climate emergency.

      • Youth Activists Fight for Their Future at COP 26
      • Five Rich Nations Jeopardizing Future With Plans for Fossil Fuel Expansion: Report

        As the COP26 climate summit draws to a close following two weeks of talks and pledges in Glasgow, a new report out Friday details five wealthy nations’ life-threatening plans to expand fossil fuel production, exposing the utter emptiness of their professed commitments to decarbonization.

        “Coal, oil, and gas production must fall globally by 69%, 31%, and 28% respectively between now and 2030… Projections suggest that the Fossil Fuelled 5 will… actually increase oil and gas production by 33% and 27%.”

      • Climate of Delusion

        Only 15 percent of people in a dozen countries around the world thought the United States was doing a good job of addressing the pandemic. That sharply contrasted with how Americans felt: 47 percent praised their own government’s management of COVID-19.

        What’s astonishing is that people outside the United States had a much better understanding of what was going on inside this country. By all objective standards, America was doing a terrible job back in 2020. We had the highest number of infections and the highest number of deaths. We had critical shortages of personal protective equipment, and hospitals in a number of cities and rural areas were completely overwhelmed. Contact tracing was sporadic and masking requirements inconsistent. The federal government was incoherent, to put it mildly, and states veered off in very different directions, some of them suicidal.

      • Climate Activists Say Loopholes in COP26 Pact “Make Mockery” of Negotiations
      • Leaders at COP26 Are ‘Massively Killing the Paris Agreement,’ Critics Say as Talks Drag On Past Deadline

        “The wealthiest have said that their coffers are empty, treating climate finance as if it were some loose change to be found down the back of the sofa.”

      • Walkout: Outraged by New COP26 Pact, Civil Society Holds People’s Plenary & Leaves Climate Summit

        As the U.N. climate summit in Glasgow concludes, activists staged a walkout Friday in response to late decisions made by negotiators to severely weaken commitments in the final agreement. While the earlier draft of the unbinding Glasgow Agreement called for “phasing-out of coal and subsidies for fossil fuels,” the new draft calls for the phaseout of “unabated coal power and of inefficient subsidies for fossil fuels.” We get an update on the walkout from one of its leaders: COP26 Coalition lead spokesperson Asad Rehman. “We should not call it a Glasgow pact, we should call it the Glasgow suicide pact for the poorest in the world,” says Rehman. “They’re ramming through so many loopholes that it makes a mockery of these climate negotiations.” Rehman was part of a group of members from U.N. constituencies that took over one of the main negotiation rooms inside COP26 this morning to issue a “people’s declaration” in light of the weakened language.

      • Climate Crisis = Health Emergency: Air Pollution, Pandemics & Displacement Make the World Sick

        Health leaders are warning governments of “unimaginable” health consequences from the climate crisis if world leaders don’t take decisive action to decarbonize. This week at the U.N. climate summit in Glasgow, the Global Climate and Health Alliance presented a letter to the COP26 president signed by 46 million health workers who are calling for global climate action on health. Meanwhile, a delegation of mothers from Brazil, Britain, India, Nigeria, Poland and South Africa attended COP26 to deliver their own letter to the summit’s president that was signed by about 500 parent groups from 44 countries and calls for limits on air pollution. We go inside COP26 to speak with Jeni Miller, executive director of the Global Climate and Health Alliance and co-chair of the World Health Organization’s Civil Society Working Group to Advance Action on Climate Change and Health, and medical student Amit Singh, a member of Students for Global Health. “Climate change is a threat multiplier,” says Miller. “Increasingly, we’re recognizing that we can’t care for the patients and the communities that we serve if we don’t step outside the clinic and address this driver of health impacts, which is climate change.”

      • Saving Our Planet Requires Systemic and Behavioural Change

        Neo-liberalism is an extreme form of capitalism, like its founding ideology but darker, even more unjust and brutal. It sees every aspect of life – waterways, forests, the air, people, you name it – as a potential product to be exploited, profited from, drained of all value and discarded. The “free market” (does such a thing exist, anywhere?), and its power to regulate supply and demand, is a cornerstone, as is competition and private ownership of everything, including health care, education, even prisons. Whatever area, the aim is the same, maximize production limit costs and generate wealth for the business, most importantly the shareholders, no matter the impact on the environment and society.

        A value system and integrated way of life has evolved consistent with the ethos of this poisonous ideology: individual ambition – personal success over group well-being; greed or excess; sensory pleasure; materiality; tribal nationalism (strengthened by competition); distrust of others who are different, and a fabrication of individuality. True individuality is impossible within the constraints of the doctrine which demands conformity, assimilates and dilutes creative expression to the mechanics and trends of the machine, and like all ideologies, moves towards crystallisation, maintains itself supreme and claims there are no viable alternatives.

      • The Politics of Water

        When it comes to basic water supplies, that’s hardly an outlandish thought. After all, back in 2015, our government, along with other members of the United Nations, embraced the U.N.’s Sustainable Development Goals, the sixth of which is universal access to safe drinking water. Despite modest progress globally — 71% of the world’s population lacked that simple necessity then, “only” 61% today — nearly 900 millionpeople still don’t have it. Of course, the overwhelming majority of them live in the poorest countries on this planet.

        The United States, however, has the world’s largest economy, the fifth-highest per-capita income, and is a technological powerhouse. How, then, could the American Society of Civil Engineers (ASCE) have given our water infrastructure (pipes, pumping stations, reservoirs, and purification and recycling facilities) a shocking C-grade in their 2021 “report card”? How to explain why Yale University’s Environmental Performance Index ranked the U.S. only 26th globally when it comes to the quality of its drinking water and sanitation?

      • Facing Climate Collapse at the Eleventh Hour

        “These same 139 climate-denying members have received more than $61 million in lifetime contributions from the coal, oil and gas industries,” according to the Center for American Progress last March. Climate deniers “still include the majority of the congressional Republican caucus.” One wonders what exactly the senate’s most conservative Dem, Joe “I Just Don’t Give a Shit” Manchin thinks, though that is largely irrelevant. What counts is what he does. And if it comes to a choice between his wallet and the long-term survival of the human race, as it did with the Build Back Better bill, guess which Manchin picked? It sure wasn’t future generations.

        Coal baron Manchin singlehandedly pulled the teeth out of Biden’s climate program, embedded in his now neutered reconciliation bill. Too bad the Dems didn’t strip Manchin of his committee assignments and chairmanship and, as suggested recently in CounterPunch, stop the massive flow of federal funds to West Virginia. That’s what Lyndon Baines Johnson would have done. But then, to do all that today the Dems and Biden would have actually WANTED to succeed, which, in truth, they’re allergic to.

      • As COP26 Fizzles to an End, Biden Urged to Use Executive Action to Stop Fossil Fuel Expansion

        As the COP26 summit stretched into overtime on Friday—with diplomats in Glasgow, Scotland unable to finalize an international climate accord by the scheduled deadline due to sharp disagreements over fossil fuel language, the pace of emissions reductions, and aid for developing countries—progressives in the U.S. implored President Joe Biden to take ambitious climate action through the executive branch.

        “The fate of climate action does not rest on a handful of recalcitrant senators or world leaders.”

      • Opinion | We Must Abandon Our Climate Delusions

        There is an astonishing statistic in a Pew research study released in 2020 on perceptions of how different countries handled COVID-19.

      • Fossil Fuel Companies Owe Reparations to Countries They Are Destroying
      • Opinion | COP Is Dead. Long Live the Movement!

        This COP was as disappointing as any of the previous one. The inclusion of the words “fossil fuels” into the final declaration seems to be the only “advancement” it represents compared to the past. It is meaningless. What is overwhelmingly meaningful is the announcement that the two next COPs will be in Egypt and the United Arab Emirates. This means only one thing for the climate justice movement: there is no possible fiction in which any of us can actually entertain the idea that the COP is a process in any way different from the World Trade Organisation and the G20. The COP is an organisation of global capitalist plans for the intensification of exploitation. It needs to be dead to us, as  our presence there legitimises a process that is simultaneously against us and against the planet—that is why the Glasgow Agreement was created in 2020.

      • Energy

        • Biden Administration to Auction Off Gulf of Mexico for Offshore Drilling
        • Let the Sun Shine: Making Solar Power Work

          Undoubtedly, we are better off for all the agreements, but are we any safer? Is a coming 2.6-degree rise in average global temperatures better than a 2.8-degree rise, when low-lying island nations, at-risk river deltas, and even coastal cities such as Miami will still be swamped, precipitating a migrant crisis unlike we have ever seen? None of us have a crystal ball, but it is well past time to heed the warnings.

          Nor do any of us have a magic wand, but some solutions are certainly within our means. Let’s hope that green thinking becomes green reality before it’s too late. Of course, we have had photovoltaic (PV) solar power since Bell Labs engineer Russell Ohl first cut up a piece of baked silicon and shone a flashlight on it in 1939, his colleague Walter Brattain and inventor of the transistor exclaiming, “this was the first time that anybody had ever found a photovoltaic effect in elementary material.” Wind power? — that’s been around since forever.

        • Scientists Find Appalachian Mountaintop Removal Coal Mining Put Endangered Species at Risk Thousands of Times

          In the heart of West Virginia, somewhere along a 22-mile stretch of the Elk River, swims one of the world’s rarest fish, the diamond darter. This tiny partly-translucent fish buries itself beneath grains of sand and gravel in the river-bottom during the day, just its black eyes peeping out as it perhaps hunts or hides from predators itself. The darter’s silvery sides sparkle when it emerges in the evening, giving rise to its gem-inspired name.

          It used to be that, if you were lucky and eagle-eyed, you might encounter a diamond darter in many places along the Ohio River Valley, not just this tiny stretch of the Elk River. But in the intervening decades, the region’s rivers were dammed or channeled and the fossil fuel era dawned across Appalachia. Meanwhile, the diamond darter’s numbers dwindled to the point that up until 1980, when biologists rediscovered the Elk River population, the fish was believed extinct.

        • ‘Sustainable Bioenergy Declaration’ Signed by Drax During COP26 Talks ‘Incompatible’ With Paris Agreement, Expert Warns

          A bioenergy declaration signed by Drax during COP26 is further proof of the company’s “greenwashing”, campaigners have claimed.

          The Yorkshire-based biomass giant is among over a dozen signatories to an industry-backed document that claims bioenergy could increase its output to nearly threefold, and reduce net global emissions by over one billion tonnes of carbon dioxide by 2050. 

        • Silk modified to reflect sunlight keeps skin 12.5°C cooler than cotton

          A fabric made of engineered silk keeps skin about 12.5°C cooler than cotton clothing and provides relief from hot weather.

          Approximately 15 per cent of global electricity goes towards keeping us cool. To reduce this energy demand, scientists have been searching for passive ways of cooling us that don’t require electricity.

      • Wildlife/Nature

        • Busting Livestock Industry Myths About Cattle and Soil Carbon

          The false prophet of this story is Allan Savory (founder of the “Savory Institute”), who spent his most productive years training and fighting with “guerrilla gangs” against indigenous groups in Rhodesia, and spurring government efforts to kill more than 40,000 elephants on misguided ecological pretexts (a decision he later stated he regretted). How fitting, then, that this former employee of the British Empire’s Colonial Service would become a hero to the American livestock industry, which itself is substantially responsible for clearing away (and wiping out) Indigenous peoples and exterminating native wildlife to make way for their own hoofed empire. Ranching is an ongoing colonialist conquest of nature spanning both hemispheres and trying desperately to maintain its dying grasp on the 21st Century by reframing it as a solution, rather than a cause, of the climate and biodiversity crises.

          As a nation, we shouldn’t sacrifice native species and healthy lands to make the West safe for non-native, invasive cattle and sheep, so we can benefit a tiny, economically insignificant fraction of the population.

        • COP26 and Nature: Grizzly Bears Show Us the Connection Between Our Global and Local Actions
        • The US Forest Service has Become the US Fire Service

          So, here you have good people in green uniforms who joined the Forest Service to do good and now they find themselves in the tender tendrils of an agency that needs to increase its budget as all agencies must do, and it promotes and rewards the employees most adept at bringing home the bacon: funding from Congress, or locally, revenue the Forest Service gets to keep when it sells the trees to people who cut them down with huge machines then drag them off on new and “restored” roads. These roads then allow invasive exotic plants into the forest which then have to be sprayed with herbicide then burned again for good measure. All this fire, of course dries out the soil, kills slow animals and warms the planet while further injuring a still recovering forest.

          Since Congress gives the agency lots to do but not enough resources to do those things like research or maintenance, that don’t include some payback to some corporate donor to the Congressperson’s political campaigns, ambitious managers are looking for projects that build budgets. Enter FIRE. There is no doubt a large caldron full of gleaming coins in an office in Washington DC into which regional Forest Service offices can dip so their constituent national forests can dip so each ranger district can dip; but all this dipping requires PROJECTS ever larger projects with ever more FIRE.

    • Finance

      • Most Millionaires Get Average Tax Cut of $16K a Year With SALT Cap Increase
      • West Hollywood Just Won the Highest Minimum Wage in the Country
      • Wealthy Americans Get Paid Leave, Shouldn’t the Rest?

        As Senior Vice President of MomsRising, she’s helped mobilize more than 870,000 calls and emails to lawmakers advocating for paid leave and other pro-family benefits in the Build Back Better legislation.

        As the daughter of a cancer patient, she’s seen up close how the lack of paid leave benefits ravages families.

      • Biden and Congress Agree: Build Back Bombs Better

        Last Friday Congress passed the Biden “Infrastructure” Bill which will be signed into law post haste says the White House.  The bill, designed to upgrade roads, bridges, transport and broadband, is a bricks and mortar affair and will benefit industry and commerce. It is the first of two bills that have been the center of attention for months now.

        The second bill is the Build Back Better Bill.   This bill has provisions for child care and preschool, eldercare, healthcare, prescription drug pricing, immigration and curbing greenhouse gas emissions. This might be described as a bill for people not for bricks and mortar.  It has been the darling of progressives in Congress.  The White House once promised it would come up for a vote by the week of November 15.

      • We Abandon Low-Income Voters at Our Peril

        When President Biden first unveiled the Build Back Better agenda, it appeared that this country was on the path to a new war on poverty. In April, he told Congress that “trickle-down economics have never worked” and that it was time to build the economy “from the bottom-up.” This came after the first reconciliation bill of the pandemic included the child tax credit that—combined with an expanded Supplemental Nutrition Assistance Program and unemployment benefits, stimulus checks, and other emergency programs—reduced the poverty rate from 13.9 percent in 2018 to 7.7 percent in 2021. (Without such actions, it was estimated that the poverty rate might have risen to 23.1 percent.) All eyes are now on the future of this Build Back Better plan, whether it will pass and whether it will include paid sick leave, reduced prescription drug prices, expanded child tax credits, expanded earned income tax credits for those without children, universal pre-K, climate resilience and green jobs, and other important domestic policy investments.

      • Housing and the Homeless in Berkeley

        Neumann pauses for a moment, gathers his thoughts and tells a story about a friend named Barbara who was having dinner with the Beat poet Allen Ginsberg. When the conversation turned to Palestine she asked, “How do you have hope?” Ginsberg banged his fist on the table Khrushchev style and shouted, “It’s not about hope. You have to do what you have to do.” Neumann agrees with the teenage Swedish activist,  Greta Thunberg, who wants people not to hope but to panic and do something about issues such as climate change and global warming.

        What Neumann does weekly if not daily is to help the homeless in Berkeley, the birthplace of the Free Speech Movement, and also in Oakland where Huey Newton and Bobby Seale formed the Black Panther Party in 1966 and issued a ten-point program. Point four called for “Decent Housing Fit For The Shelter of Human Beings.” So what happened? Why didn’t that come to pass? Neumann isn’t the only 1960s, 1970s rebel asking that question. It’s on the lips of every thinking survivor from Berkeley to Brooklyn, N.Y. and beyond. Neumann hopes to write a book that will provide some answers, but right now he’s awfully engaged as a lawyer fighting for the rights of the homeless. The book, which would be his third, will have to wait.

      • Setting the Record Straight About What Biden’s Proposed Social Programs Would Do

        Unfortunately, detractors are throwing around so many distortions that it’s hard to keep track of what’s actually in the legislation, also known as the budget reconciliation bill.

        Sen. Joe Manchin, the Democratic swing vote from West Virginia, is a good starting point for straightening out some of the misconceptions. Perhaps more than any other person in this world, he will determine how much Americans’ lives will change over the decade ahead.

      • He Tore Down Motels Where Poor Residents Lived During a Housing Crisis. City Leaders Did Nothing.

        For most of his life, Ernest Block has managed to stay one step ahead of homelessness. When he was 9, his parents scrambled to find a new place to live after his grandmother sold the family ranch. As an adult, when his rent surpassed his income, he found friends willing to take him in as a housemate. And at other times he obtained shelter by providing live-in care for an ailing family member.

        Then, about 10 years ago, he found Nystrom House, in the shadow of downtown Reno’s Sands Regency Hotel Casino. The rent was affordable. For $450 a month, he had a room with a shared kitchen and bathroom.

      • Corporate Dem Tom Suozzi Wants Tax Cuts for Rich Jammed Into Build Back Better
      • St. Jude Hoards Billions While Many of Its Families Drain Their Savings

        A series of sharp knocks on his driver’s side window startled Jason Burt awake.

        It was the middle of the night on a Saturday in 2016. Burt was sleeping in his pickup truck in the parking lot of St. Jude Children’s Research Hospital in downtown Memphis, Tennessee, where his 5-year-old daughter was being treated for brain cancer. He’d driven more than 500 miles from his home in Central Texas to visit her.

      • Opinion | The Real Source of Inflation? Consolidated Corporate Power and Greed
      • Getting High on Inflation
      • The Federal Poverty Line Struggles to Capture the Economic Hardship that Half of Americans Face

        His schedule is not fixed in either job, and his hours are not guaranteed. Some weeks he works back-to-back eight-hour shifts. Some weeks he works fewer than 30 hours. Neither job offers sick leave, vacation time or health insurance.

        Chase shares an apartment with three other people, something he finds stressful. And he is not always confident that he can make his portion of the rent. Between the two jobs, Chase earns less than US$16,000 a year. While it may not sound like a lot, that places him well above the federal poverty line for a single person: $12,760.

      • The Democratic Party’s Future Depends on BBB

        The progressive bloc extracted a written promise from five key centrists to vote for the Build Back Better bill assuming that the Congressional Budget Office verifies the math behind the spending.

        The question grassroots progressives are asking themselves is: is trust wise? Will the corporatists deliver? Or are we just rubes who about to get rolled again?

    • AstroTurf/Lobbying/Politics

      • Macedonian Ramble: the Forgotten Peaks of Monastir and Dobro Polje

        I had come to Bitola to inspect the landscape of the 1918 battle that might well have determined the outcome of World War I. Although now it is forgotten, Monastir (now Bitola) was once at the center of the Allied attacks aiming to break the Axis grip on Southeast Europe.

        To see the contours of this Verdun of the Balkans, I had reserved the services of professional guide and historian, who was waiting in his car outside the Hotel Theatre just before 8 a.m.

      • De Klerk lauded for role in dismantling apartheid, but tarnish on legacy remains

        The death of apartheid’s final state president FW de Klerk was met with the contradictions that characterised his political life.

        On the one hand, he was almost universally lauded for his “courageous” – as President Cyril Ramaphosa labelled it – role in dismantling the brutal apartheid state and ushering in the dawn of South Africa’s democracy.

      • FW de Klerk: A Negotiator Before Defeat

        These differences have proven stark with the late FW de Klerk, South Africa’s last apartheid president.  “De Klerk,” suggested Mac Maharaj, formerly official spokesperson for President Jacob Zuma, “was a man of the moment and [Nelson] Mandela was a man of history.”  The late Colin Eglin went one better in his observation of the two men.  “A relatively conservative Afrikaner leader decided to negotiate before he had lost, and an imprisoned leader of a liberation movement decided to negotiate before he had won.”

        It was De Klerk who began to take the screws out of the edifice of apartheid and open the pathway to negotiations with other parties.  Serving in the governing white National Party, which had introduced apartheid in 1948, De Klerk held ministerial positions till becoming party head in February 1989.  Between 1984 and 1989, he served as education minister, overseeing the notorious Bantu education program.  On replacing PW Botha, De Klerk downgraded the State Security Council, primarily staffed by military and police, and restored civilian rule by cabinet.

      • A Dystopian Hellscape Beckons: 21 Dark Clouds Over 2021 Amerika

        +1. The Fascist Beast is Uncaged and Chomping at the Bit for Vengeance

        For details on the distinct likelihood of the fascist Trump’s distinctly possible and tragic if absurd return to power along with an absurdly Republican-Amerikaner Congress and Supreme Court, please see my latest Counterpunch commentary. The deeply conservative and gas-emitting octogenarian Joe Biden’s approval rating is down to a pathetic 38% ten months into his ill-fated presidency. Biden’s horrific vice president Kamala “Do Not Come” Harris has sunk below Dick Cheney to 28%. Republican voter suppression and nullification ducks are being lined up in a nice authoritarian row across Red State America. Seven in ten USAers say the nation is on the wrong track. The Amerikaner Party of Trump (the GOP) is posed to take back Congress in 2023, also helping grease the skids for Trumpzilla II: The Revenge of Malignant Orange. The Trumpenstein is chomping at the bit to come back and unleash white armed male rage like never before. The Mar a Lago crime boss is already beating Biden in match-up polls. So what if he was rightly impeached twice during a monumentally corrupt and white-supremacist presidency that included, among other terrible things:

      • Analysis Shows Proposal in House Reconciliation Bill Would Deliver Tax Cut for Millionaires

        A new analysis of Democrats’ proposed Build Back Better plan shows that it would deliver a tax cut for about two-thirds of U.S. millionaires.

        The average tax cut for those making over $1 million would be $16,760, according to the Tax Policy Center (TPC) analysis released Thursday.

      • The Mess Democrats Are In

        Democrats were sleepwalking toward disaster in the 2022 midterm elections before they got the proverbial wake-up call on November 2. The party’s off-year election losses in the supposedly blue state of Virginia, along with setbacks in other regions, confirmed the very real prospect that next year’s voting could cost Democrats control of Congress and multiple statehouses. But President Biden and his partisan allies in D.C. and the states face more than the indignity of a disempowerment along the lines of what Bill Clinton experienced in 1994 and Barack Obama confronted in 2010. If they fail to get their act together, Democrats will suffer a defeat that increases the likelihood of Donald Trump’s return to the White House as a full-blown authoritarian.1

      • Trump Said It Was “Common Sense” for His Backers to Want to Hang Pence on Jan. 6
      • Democrats File to Censure Gosar Over Video Showing Him Killing Ocasio-Cortez
      • ‘A Clear-Cut Case for Censure’: House Dems Respond to Gosar’s AOC Murder Video With Resolution

        Noting the “global phenomenon” of violence against women in politics and warning of the potentially deadly consequences of “vicious and vulgar messaging,” 60 U.S. House lawmakers on Friday introduced a resolution to censure Rep. Paul Gosar for posting an edited anime video depicting him killing Congresswoman Alexandria Ocasio-Cortez and attacking President Joe Biden with swords.

        “As the events of January 6 have shown, such vicious and vulgar messaging can and does foment actual violence.”

      • The Senate Cannot Be Reformed—It Can Only Be Abolished

        The united states senate was a bad idea from the start. At the Constitutional Convention in 1787, populous states like Virginia supported the idea of a unicameral national legislature, with representation based on the population of each state. That’s the kind of system one would expect in a representative democracy.

      • The Forty Years War: Tariq Ali and Afghanistan

        Tariq Ali, a Marxist theorist and historian of note, lecturer across continents, an editor of New Left Review, longtime contributor to CounterPunch and so on, happens also to be very much a participant in the regional events around the Indian subcontinent and nearby Afghanistan. He is Pakistani by origin—or rather in the part of India that would become Pakistan—as everyone knows. Far away from his homeland more than a half-century, apart from visits, he commands intimate knowledge of the people of the region, the contradictions, hopes and despair marking the post-colonial era. All this is part of him.

        Here is a source, if by no means the only source, of his unique insights. There is no “Afghanistan Question” without a “Pakistani Question.” The flow back and forth across the borders artificially created by the colonial powers has not ceased, but rather accelerated with the internal strife, the blundering Russian effort to perpetuate a buffer state against Western instrusions, and the following catastrophe of US invasion and occupation.

      • Sanders Leads Senators in Backing Kaiser Permanente Workers Before Planned Strike

        Sen. Bernie Sanders, joined by seven Democratic colleagues, sent a letter Friday to Kaiser Permanente chair and CEO Greg Adams in support of tens of thousands of healthcare workers planning to strike on November 15 unless negotiations for a fair contract improve.

        “These employees are heroes and heroines and should be treated as such.”

      • Facebook Limits Some Ad Targeting; People Still Won’t Be Happy

        I still think that the power of targeted advertising is somewhat overblown (and that neither Google nor Facebook want to admit that). Relatedly, I think that bad targeted advertising creeps people out way too much, and that’s a problem. However, given all that, Facebook’s newly announced plans to remove certain forms of targeting from its targeted advertising program seems kind of weird.

      • Senate Urged to Reject Biden’s ‘Poor Choice’ for FDA Chief Over Ties to Big Pharma

        Ignoring concerns about the influence of Big Pharma, U.S. President Joe Biden on Friday nominated former Food and Drug Administration Commissioner Dr. Robert Califf to reclaim the post—which he held during the Obama administration, when Biden was vice president.

        “The Senate… must reject Califf’s nomination and demand that Biden nominate an individual who has been dedicated to advancing public health.”

      • Biden’s pick for FDA chief works at Google

        President Biden has selected Robert Califf as his pick for the next head of the Food and Drug Administration, the White House announced today. Califf is currently a senior advisor for Verily Life Sciences and Google Health, two divisions of parent company Alphabet. He was brought on in 2019 to lead health strategy and policy for the groups.

        Califf, a cardiologist, previously served as the FDA commissioner during the last year of the Obama administration. He also founded the Duke Clinical Research Institute, which runs clinical trials.

      • Human rights groups claim Facebook is interfering with report on hate speech in India

        Human rights groups say that Facebook is narrowing the scope of and delaying the process for an independent report commissioned to investigate hate speech on the tech giant’s platform in India.

        Representatives for the groups told The Wall Street Journal they provided hundreds of examples of inflammatory content and suggested ways the platform could better moderate content in India to the firm Facebook commissioned in mid-2020 for the report, but said the tech giant is stifling the independent report.

      • A Conversation with Slavoj Žižek

        The following interview between Slavoj Žižek and Leonardo Caffo was recently published in the Italian magazine Sette—the weekly supplement of the daily newspaper, Corriere della Sera. It has been translated for Public Seminar by Thomas Winn.

      • Biden Signs Chinese Equipment Ban, Aviation on C-Band, Michael Copps Op-Ed

        Huawei is one of the largest global providers of 5G equipment, but recently reported large sales decreases due to the U.S. government measures taken against it. These losses have been exacerbated by the Commerce Department effectively blacklisting Huawei and ZTE.

      • Qatar to handle US interests in Afghanistan, in bridge to Taliban

        The United States said Friday it would set up an interests section in Afghanistan under Qatar, creating a more direct way to assist US citizens and engage with the Taliban after the embassy in Kabul was shuttered.

        The step marks the latest diplomatic win for Qatar, the wealthy Gulf state that has increasingly positioned itself as the pivotal US ally on Afghanistan.

    • Misinformation/Disinformation

      • Dr. Ryan Cole and Mike Adams: Fear mongering about cancer and COVID-19 vaccines

        A common antivax claim that encountered not long after I first started paying attention to the antivaccine movement is that vaccines cause cancer. I’ve encountered a number of variations of this claim throughout the years, but the most common and persistent claim is that the polio vaccine was contaminated with SV40 virus. While it is true that back in the late 1950s, batches of polio vaccine were contaminated with a monkey virus known as SV40, which can cause cancer in experimental animals, as I discussed in my usual excessive depth when analyzing what I like to call this “zombie meme,” there’s no evidence of an increase in cancer rates attributable to the polio vaccine. Completely unsurprisingly, more recently antivaxxers have been trying to blame COVID-19 vaccines for causing cancer, sometimes (as is their common practice) totally misrepresenting unrelated research to make their false claims. They’re still at it, of course, packaging this old lie in a new form. Specifically an Idaho doctor and anti masker, Dr. Ryan Cole, is claiming that he’s seeing a huge increase in endometrial cancer since the vaccines have rolled. Sure, he was doing this two months ago, but now he’s being amplified again, which led me to decide that it’s worth discussing, given that I missed addressing this bit of misinformation when it first surfaced.

      • Covid vaccine holdouts are caving to mandates — then scrambling to ‘undo’ their shots

        In a TikTok video that has garnered hundreds of thousands of views, Dr. Carrie Madej outlined the ingredients for a bath she said will “detox the vaxx” for people who have given into Covid-19 vaccine mandates.

      • YouTube temporarily suspends Ron Johnson’s channel over COVID-19 misinformation

        YouTube account was suspended for one week starting Friday for uploading content violating the platform’s policy against COVID-19 misinformation.

        The video that triggered the suspension was a roundtable discussion in which the lawmaker falsely claimed that coronavirus vaccines are unsafe.

    • Censorship/Free Speech

    • Civil Rights/Policing

      • The Democratic Party’s “Failed Promises” to Immigrants

        Months ago, Senate Democrats let Parliamentarian Elizabeth MacDonough kill their chance to pass a $15 minimum wage. When MacDonough, the unelected staffer who interprets the rules of the chamber, decided that a plan to gradually increase the minimum wage didn’t fit Senate rules, Democrats could have ignored the nonbinding opinion or fired her for standing in the way of their agenda, as Republicans have done in the past. Instead, they did nothing about it. Now, as the party rushes to resolve its social spending bill, Democrats are hiding behind the parliamentarian again. This time, they could blow their last chance to establish protections for undocumented immigrants, a promise they’ve campaigned on for decades.

      • Do We Really Want Another FDR?

        The media though has been the ones promoting the concept of a dysfunctional Democratic Party. The alternative media are known as the Trumpenleft also peddles the same obsession with only one of the corporate duopoly parties. For them, it’s only the Democrats to blame, at times even especially the progressive Democrats. This like much of their misinformation will make a real-world impact but they don’t care as long as the checks keep coming in.

        So if their predictions of a return of the Right come true, they are to blame.

      • It’s Time To End The Anti-Circumvention Exemption Circus

        Copyright as we know it goes back to the Statute of Anne of 1710. A law that old is clearly going to struggle to cope with the enormous changes in technology that have taken place since then – notably the Internet. But even relatively recent copyright laws were framed in ways that have become unworkable for the digital world we live in.

      • American History: Let’s Face the Truth

        And conservative white America has been losing for quite some time — losing control of the future, that is. The good old days of unabated white supremacy aren’t coming back; racism can only maintain a public forum, and political relevance, if it’s wrapped in political correctness. In other words, racism can’t (openly) be racism anymore. That’s where Karl Marx comes in.

        Excuse me, I mean Critical Race Theory: the enemy, the sower of hatred among children. CRT is an academic concept that almost no one had ever heard of, which has been turned into the scapegoat of the moment.

      • ‘The Anti-Blackness of the US Is Extending to Black Asylum Seekers’

        Janine Jackson interviewed the Black Alliance for Just Immigration’s Nekessa Opoti about Haitian refugees for the November 5, 2021, episode of CounterSpin. This is a lightly edited transcript.

      • “Executive Privilege” Should Be Ended, Not Extended

        If  Trump’s name goes down in history for anything of substance rather than mere flash, it  should probably be for his bizarre claim that  people who aren’t executives anymore retain  “executive privilege” over information pertaining to their time in office.

        The concept of “executive privilege” appears nowhere in the US Constitution, but instead developed over history in court decisions, culminating in 1974’s US v. Nixon.

      • Fifth Circuit Awards Immunity To Cop Who Thought It Would Be A Good Idea To Jump On A Moving Car And Kill The Driver
      • It Doesn’t Exclude Women to Acknowledge Everyone Who Can Get Pregnant

        To say that abortion bans, like those recently passed in Texas, are part of a war on women is true. But to say they are a war on women alone is to erase the harm experienced by the transgender, intersex, nonbinary and gender expansive individuals whose lives are also deeply impacted by access to abortion and reproductive healthcare.

      • As the Supreme Court Weighs the Future of Abortion, Women Are Already Suffering

        In the nearly 50 years since the Supreme Court decided Roe v. Wade, there has perhaps never been a more consequential moment for abortion rights than the one we are in now. This fall, the nation’s highest court is hearing not one but three cases that could upend the fundamental promise at the heart of Roe: that pregnant women in the United States have a right to an abortion until a fetus becomes viable, which is around 24 weeks. On November 1, the court heard the first two of these cases, Whole Woman’s Health v. Jackson and United States v. Texas, which addressed Texas’s near-total abortion ban, the law known as SB 8. And on December 1, the court will hear arguments in Dobbs v. Jackson Women’s Health Organization, which takes on the 15-week abortion ban passed by Mississippi in 2018. In that case, the state has made a direct appeal to the Supreme Court to overrule Roe.

      • Roaming Charges: Split Identity Politics

        I didn’t see any Democratic candidates seeking the endorsement of Ibram X. Kendi or campaigning on trans rights, black reparations or defunding the police. Certainly not Terry McAuliffe. McAuliffe was so “woke”; he regularly directed his limo driver to ferry him to the northern Virginia home of Bill Kristol to plot campaign strategy.

        Yet, the refrain is always the same. The Democrats loss a narrow off-year election in a southern state because of their obsession “identity politics,” alienating that mythic demographic of white male “blue-collar” voters, even though increasingly most of the factory workers in Virginia these days are recent immigrants from Mexico and Central America toiling on the unforgiving killing floors of slaughterhouses and industrial chicken and hog confined feeding plants.

      • Rittenhouse Judge Makes Racist Comment Against Asians in the Courtroom
      • We Work Too Damn Much. Let’s Demand a 4-Day Workweek by 2022.
      • Opinion | White Tears Over Kenosha

        Earlier this week, a friend texted me this prediction about the outcome of Kyle Rittenhouse’s murder trial: “Kyle Rittenhouse walks or only [gets convicted] of minor charges and gets probation.”

      • 2 ex-Oklahoma officers convicted of murder in stun gun death

        Two former Oklahoma police officers face up to 10 years in prison after being convicted of murder for using their stun guns more than 50 times on an unarmed man who later died.

        A Carter County jury last week convicted former Wilson police officers Brandon Dingman, 35, and Joshua Taylor, 27, of second-degree murder and assault and battery with a dangerous weapon. They each face up to 10 years in prison when they’re formally sentenced next month.

      • Germany: Again anti-Semitic and Islamist postings by heads of mosques

        Once again, DITIB board members are attracting attention with anti-Semitic and unconstitutional Facebook postings. The national association regrets the comments and distances itself.

        It is the comments of individuals. But the Facebook postings by board members of the DITIB mosques in Osnabrück, Hildesheim and Hanover raise questions. Researchers from the Göttingen Institute for Democracy Research found the posts in random samples on social networks.

      • Dontae Sharpe: US man wrongfully imprisoned for 26 years pardoned

        Governor Roy Cooper said in a statement announcing the pardon that he had carefully reviewed the case, and those who have been wrongly convicted like Mr Sharpe “deserve to have that injustice fully and publicly acknowledged”.

    • Digital Restrictions (DRM)

      • DRM Breaking Games Again, This Time Due To New Intel Chip Architecture

        We were just discussing how Denuvo’s inability to renew one of its domains suddenly prevented lots of paying customers from playing several of their paid-for video games. While we can laugh at Denuvo’s ineptitude, the real point in all of that is once again how DRM in video games tends to prevent nothing when it comes to piracy, yet paying customers tend to get impacted for a variety of reasons. DRM, in other words, almost universally functions to punish paying customers, which is stupid.

    • Monopolies

      • Patents

      • Copyrights

        • The Future of Open Webinar Recap & Recording

          The CC Copyright Platform was established as a discussion space to strategize on copyright reform as a complementary action to developing and stewarding CC licenses. Over the last few months, each working group has discussed, researched and dissected these issues, and produced four Position Papers encapsulating their outcomes, available now on the CC Medium Publication.

        • Soccer is The Number One Gateway Sport to Online Streaming Piracy

          A new report published by Synamedia shows that soccer is the number one gateway sport to other forms of sports piracy. This is also true for the US where soccer has a relatively smaller audience. India is the only exception in the researched countries, with cricket as the main piracy gateway. In the Middle East, meanwhile, pirated camel racing streams are thriving.

        • Major Publishers Expand Sci-Hub, Libgen and Ebook Piracy Blocking

          The Publishers Association, Elsevier and Springer Nature have obtained permission to expand their anti-piracy campaigns in the UK. Major ISPs are now required to block even more domains that help to facilitate piracy, including those that assist people to access the infamous Sci-Hub and Libgen, platforms that are already subjected to intensive blocking.

        • Metal Gear Solid 2 And 3 Taken Off Digital Storefronts Over Licensing For Historical Videos

          When you let ownership and copyright culture fester, breed, and expand, eventually it gets out of control. While that might sound like an obvious sort of thing to say, allowing it to happen produces unexpected but also obvious results. For instance, allowing this to happen creates a culture of fear around what those creating new content can do with existing content. While readers here will be familiar with the importance and practical usage of fair use, caution often causes creators to shy away from that affirmative defense.

        • Jury Correctly Recognizes That Print-On-Demand Website Isn’t A ‘Counterfeiting’ Business Engaged In Infringement

          Phew. Earlier this year, I wrote about a case I witnessed down in LA, in which the print-on-demand website RedBubble was deemed by a jury to have infringed on the trademark rights of the clothing store Brandy Melville, despite not actually selling any items that matched Brandy Melville’s trademarks on clothing that Brandy Melville sells — and being extraordinarily proactive in taking down things once alerted to the fact that certain designs might be infringing. Again, as noted, I served as an expert witness in that case and filed a report, but did not need to testify. The very same law firm, representing a few different plaintiffs, has been busy suing RedBubble and other print-on-demand businesses, apparently trying to carve out a niche. Since that ruling, there has been a lot of back and forth between the parties (some of it quite… emotional), but as it stands now, the ruling has been appealed to the 9th Circuit, where it should be an interesting one to watch.


Links 12/11/2021: AlmaLinux 8.5 and Alpine 3.14.3

Posted in News Roundup at 9:39 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Server

      • Kubernets Blog: Dockershim removal is coming. Are you ready?

        Last year we announced that Dockershim is being deprecated: Dockershim Deprecation FAQ. Our current plan is to remove dockershim from the Kubernetes codebase soon. We are looking for feedback from you whether you are ready for dockershim removal and to ensure that you are ready when the time comes. Please fill out this survey: https://forms.gle/svCJmhvTv78jGdSx8.

        The dockershim component that enables Docker as a Kubernetes container runtime is being deprecated in favor of runtimes that directly use the Container Runtime Interface created for Kubernetes. Many Kubernetes users have migrated to other container runtimes without problems. However we see that dockershim is still very popular. You may see some public numbers in recent Container Report from DataDog. Some Kubernetes hosting vendors just recently enabled other runtimes support (especially for Windows nodes). And we know that many third party tools vendors are still not ready: migrating telemetry and security agents.

      • Pull container images faster with partial pulls | Enable Sysadmin

        Have you ever wondered why it takes so long to pull a container image from a container registry with a container tool like Podman?

      • What you need to know about cluster logging in Kubernetes

        Server and application logging is an important facility for developers, operators, and security teams to understand an application’s state running in their production environment.

        Logging allows operators to determine if the applications and the required components are running smoothly and detect if something unusual is happening so they can react to the situation.

        For developers, logging gives visibility to troubleshoot the code during and after development. In a production setting, the developer usually relies on a logging facility without debugging tools. Coupled with logging from the systems, developers can work hand in hand with operators to effectively troubleshoot issues.

        The most important beneficiary of logging facilities is the security team, especially in a cloud-native environment. Having the ability to collect information from applications and system logs enables the security team to analyze the data from authentication, application access to malware activities where they can respond to them if needed.

        Kubernetes is the leading container platform where more and more applications get deployed in production. I believe that understanding the logging architecture of Kubernetes is a very important endeavor that every Dev, Ops, and Security team needs to take seriously.

    • Audiocasts/Shows

    • Kernel Space

      • Linux 5.15.2
      • Linux 5.14.18
      • Linux 5.10.79
      • Linux 5.4.159
      • Linux 4.19.217
      • Linux 4.14.255
      • Linux 4.9.290
      • Linux 4.4.292
      • Linux To Start Seeing Enablement Patches For Intel “Raptor Lake” – Phoronix

        Following today’s inaugural patch, over the coming weeks we are expected to see Intel Raptor Lake patches beginning to make it out onto the public kernel mailing list for review.

        Raptor Lake is anticipated to be the 13th Gen Core processors and successor to the recently launched Alder Lake processors. Previous leaks around Raptor Lake have pointed to the new “Raptor Cove” performance core and an improved Gracemont power efficiency core. Leaks have also suggested Raptor Lake S could top out at a 24 core / 32 thread design. The launch of Raptor Lake is expected in 2022.

      • Faster Ceph With Linux 5.16 Now That Async Dirops Have Been Flipped On – Phoronix

        The Ceph open-source distributed storage system can now enjoy better performance out-of-the-box with Linux 5.16.

        Last year with Linux 5.7 the Ceph file-system driver added the feature of async directory operations “dirops” and now finally with Linux 5.16 that is being enabled by default. After lots of testing this summer on Ceph’s async dirops code, the developers are comfortable enabling it by default rather than requiring the “nowsync” mount option.

      • Graphics Stack

        • The Future Is Nowish

          Zink can now run all display platform flavors of Weston (and possibly other compositors?). Expect it in zink-wip later today once it passes another round of my local CI.

        • Experimental Mesa Zink Code Managing To Run Wayland’s Weston Compositor – Phoronix

          Following Mesa’s Zink OpenGL-on-Vulkan translation driver finally running “glxgears” in a correct and performant manner, the newest milestone acheived by lead Zink developer Mike Blumenkrantz is managing to run Wayland’s Weston compositor.

          With experimental, yet-to-be-merged or even MR’ed code for Zink, Blumenkrantz can now get the Wayland reference compositor running on Zink which in turn is then running off the native Vulkan driver.

        • Intel Posts Linux Graphics Driver Patches For Raptor Lake – Same As Alder Lake – Phoronix

          When writing this morning about intel “Raptor Lake” Linux enablement to begin, I didn’t expect that to bear fruit so quickly in just a matter of hours… As predicted, that Linux bring-up for the Alder Lake successor is beginning now — and doing so at full-speed with the initial Raptor Lake S (RPL-S) graphics support being posted.

          Following that early indicator today of the Raptor Lake model ID being posted, Intel’s graphics driver team has posted their initial patches bringing up Raptor Lake S graphics for their “i915″ kernel graphics driver. As of writing, the Mesa Vulkan/OpenGL driver user-space patches haven’t been posted but are likely coming out soon.

        • Radeon Software 21.40.1 Linux Driver Unifies ROCm, Uses New Driver Distribution Model – Phoronix

          AMD this week quietly released Radeon Software for Linux 21.40.1 as a fundamentally big update for this packaged driver stack targeting enterprise Linux distributions.

          The Radeon Software for Linux 21.40.1 packaged driver release is their first that usess unified ROCm (Radeon Open eCosystem) and graphics drivers. This packaged driver has integrated/unified their compute stack with what is offered by ROCm compared to prior releases also having still shipped their legacy OpenCL/compute components. Moving forward it’s all the ROCm-based approach for OpenCL/compute. However, machine learning users for now at least are encoutaged to use the upstream ROCm packages as the v21.40.1 point release hasn’t been formally validated for that use-case yet.

        • Zink OpenGL-On-Vulkan Can Finally Render glxgears With Great Speed – Phoronix

          While the Zink OpenGL-on-Vulkan code within Mesa is close to OpenGL 4.6 conformant and running many OpenGL games at good performance, it’s taken until now to see good performance out of the glxgears benchmark.

          It took a long time for glxgears to even render correctly on Zink even when it was on to running various demanding OpenGL Linux games… It was just earlier this year Zink correctly rendered glxgears but was doing so incredibly slow.

        • AMDGPU Linux Driver Preparing To Enable DSC-Over-eDP For More Power-Savings – Phoronix

          While the AMD Radeon “AMDGPU” Linux kernel graphics driver has supported VESA Display Stream Compression (DSC) over DisplayPort connections, until now it hasn’t supported the power-savings feature for eDP panels.

          Since Display Stream Compression 1.1 the specification has supported Embedded DisplayPort for reducing the amount of data transferred and in turn reducing system power consumption and helping battery life on laptops.

          Finally the AMDGPU Linux kernel driver is preparing to enable Display Stream Compression for the eDP interface.

    • Applications

      • Linux users: These text-based file managers are overlooked gems

        Terminal-based file managers may seem like relics of ancient times, but even in this age of touchscreens, nothing can handle hundreds of files more efficiently. Besides, a terminal may still be your only option to work on remote servers or recover your files after a system crash.

        Two file managers for Linux that deserve more coverage are nnn and ranger. These file managers are made for terminals, but they’re also usable with a mouse and available as binary packages for most Linux distributions.

    • Instructionals/Technical

      • What’s the difference between a desktop environment and a window manager in Linux?
      • Zabbix 5.4 – MariaDB – Centos 8
      • Install TaskBoard with Apache and let’s Encrypt SSL on Debian 11

        TaskBoard is a free and open-source Kanban application used to keep track of things that need to get done. It is a PHP-based and self-hosted application that helps you to keep track of all tasks. It provides a simple and user-friendly web interface for managing all your tasks. It is used by teams or organizations to represent work and its path towards completion.

      • How To Upgrade Ubuntu 21.04 to 21.10 via Command Lines

        This tutorial explains step by step to upgrade an Ubuntu desktop from version 21.04 Hirsute Hippo to 21.10 Impish Indri with command lines. You will need to prepare a good internet access, enough disk space, and some patience to work with it. Good luck!

      • How To Install OpenNMS on Debian 11 – idroot

        In this tutorial, we will show you how to install OpenNMS on Debian 11. For those of you who didn’t know, OpenNMS is an open-source and enterprise-grade network monitoring and management solution. It is a network monitoring application that gathers critical information from local and network hosts using the SNPM protocol. It can be installed on Linux and Windows operating systems and provides a web-based interface to monitor network traffics through a web browser.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenNMS Network Monitoring Solution on a Debian 11 (Bullseye).

      • How To Install FreeIPA Client on Rocky Linux/Alma Linux/CentOS 8

        In this article, we will learn how too install freeipa client on Rocky Linux/Alma Linux/CentOS 8. This guide will also work on other RHEL 8 based systems.

        This integrations allow a System Administrator to conveniently configure the server centrally, on the FreeIPA server. When a management command is executed on the Client machine, the FreeIPA client sends it to the server where it is executed.

      • How to Setup Anonymous FTP in Rocky Linux 8.4

        FTP servers are commonly known to facilitate file transfers between clients and servers. Typically, ftp servers offer two types of access levels: Authenticated and Anonymous. The first method (Authenticated) requires a valid username and password in order to access the files and directories. The second method ( Anonymous) being anonymous, we can download files without restrictions. You can download files directly by using the default user “FTP” or “anonymous”;

        Linux has many FTP packages, but only a few have a good design and provide even the most basic level of security, and vsftpd is among the most secure. This guide will teach you how to configure the VSFTPD server to allow anonymous FTP downloads without any restrictions. As part of this exercise, we’ll install an FTP server on Rocky Linux 8.4. However, these instructions can be adapted for RHEL, CentOS, Fedora, Ubuntu, and Debian with a few changes.

      • How to install Erlang on Fedora 35 – Citizix

        Erlang is a functional, general-purpose, concurrent programming language and garbage-collected runtime environment built for concurrency, fault tolerance, and distributed application architectures. It is supported and maintained by Ericsson OTP product unit.

        In this guide, we will install Erlang/OTP in a Fedora 35 Server/Workstation.

      • How to install RabbitMQ in Fedora 35 – Citizix

        In this guide we will explore how to install the latest release of RabbitMQ in Fedora 35 server or Workstation

        RabbitMQ is an open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). RabbitMQ works by receiving messages from publishers (applications that publish them) and routes them to consumers (applications that process them).

      • How to install Xubuntu 21.10

        In this video, I am going to show how to install Xubuntu 21.10.

      • How to play 911 Operator on Linux

        911 Operator puts the player in the role of a 911 dispatcher for emergency lines and services. It is a fun and challenging video game. It was developed by Jutsu Games and published by Games Operators. Here’s how you can play 911 Operator on Linux.

      • How to run Windows 11 in a KVM virtual machine | MontanaLinux.org

        First of all… “What!?! An article about Microsoft Windows on this Linux oriented website?!?!” Yes. Hey, I’m running Windows 11 as a KVM virtual machine on my Dell Latitude E6440 laptop that is 6+ years old… using Fedora 35 as my VM Host. I don’t think Windows 11 would want to run on the physical hardware either… but the method I mention should make it work in many places that it would refuse to because of hardware requirements enforced by the installer.

      • Arch Linux Install Guide with GNOME 41.1 – If Not True Then False

        Many may think that installing Arch Linux is difficult. In reality, the process is not much different from installing any Linux, except that the installation is done on the command line. Arch Linux own installation guide is excellent, but I’m trying here to explain in a little more detail how the whole process goes. This is my own command list for installing Arch Linux with GNOME Desktop.

        Following this guide you can install Arch Linux with GNOME 41.1 desktop, networkmanager, systemd-boot, btrfs, man pages and basic devel packages. I assume that you are using Linux when you create your installation iso. If you use Windows, then use Windows tools to create bootable USB Media.

      • 16 Practical and Useful Examples of Echo Command in Linux

        The shell commands have always been a crucial tool in Linux. So learning about them gives a user fine-grained control over the Linux machine. Such a command of Linux bash shell is echo command. However, the echo command seems to be a pretty straightforward and easy one. It has a unique job that cannot be done with other commands, especially while writing a bash script. The echo command in Linux is mainly used for printing text in the console. It can show messages for the user while a bash script is executing.

      • How to Install Chromium Browser on Fedora 35 – LinuxCapable

        Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. The Chromium codebase is widely used. Microsoft Edge, Opera, and many other browsers are based on the code.

      • How to Install OpenLiteSpeed on Rocky Linux/AlmaLinux –

        In this tutorial guide we will learn how to install Openlitespeed server on Rocky Linux/Alma Linux

        Openlitespeed is an easy to use open source web server. It offers unbeatable features and performance to your website along with top notch security. The server understands all the Apache rewrite rules and has intelligent cache acceleration features that let you implement the fastest caching on your server.

      • How to SSH into a Docker Container and Run Commands – Unixcop the Unix / Linux the admins deams

        Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.

        Docker is a utility that lets you create a container for running applications. A Docker container is a fully-contained virtual machine.

        This guide will show you three methods to SSH into a Docker container and run commands.

      • How to Turn Off directory browsing on Apache and Nginx – Unixcop the Unix / Linux the admins deams

        The directory content listing enabled by default when you install Apache web server, This may_be a desirable features in some scenarios, but it’s a potential security hole in others. It’s easy enough to turn this setting on or off for each website (virtual host) that you have set up.

        In this guide, we’ll show you how to turn off directory browsing on Apache & Nginx web servers.

      • How to install and Configure Mariadb 10 in Debian 11 – Citizix

        MariaDB is an open-source one of the most popular relational database management system (RDBMS) that is a highly compatible drop-in replacement of MySQL. It is built upon the values of performance, stability, and openness, and MariaDB Foundation ensures contributions will be accepted on technical merit.

        MariaDB was developed as a software fork of MySQL in 2009 in response to Oracle’s acquisition of MySQL. MariaDB intends to remain free and open-source software under the GNU General Public License. It is part of most cloud offerings and the default in most Linux distributions.

        In this guide we will learn how to install and configure MariaDB in Debian 11.

    • Games

      • Relaxing jelly-taming RPG Alchemic Cutie is out now on Steam | GamingOnLinux

        Fancy exploring a cute pixel-art land filled with wild bouncing jellies? Alchemic Cutie is a very sweet casual RPG and it’s officially out now on Steam. Note: key provided by the developer.

        Developed by Viridian Software / Vakio is another entry in the colourful and casual market, a very welcome addition too as it’s properly wholesome. Wimba Island, the place you live, is a magical land filled with wild jellies. These strange creatures roam the lands and your family has made a living out of breeding them.

      • Ryan Gordon gets an Epic MegaGrant to further improve SDL, helping with next-gen APIs | GamingOnLinux

        Looks like cross-platform game development with SDL is going to get easier, as Ryan Gordon (also known as Icculus) has confirmed an Epic MegaGrant and details what it will be used for.

        What is SDL? Simple DirectMedia Layer (SDL) is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware. It is used by video playback software, emulators, popular games and some game engines.

        Ryan Gordon is one of the people responsible for its development, and Gordon has also ported plenty of games to Linux, macOS and other platforms over many years. In a new post on Patreon, a fun announcement was detailed about an approved Epic MegaGrant and how it’s going to be used to improve SDL.

      • Megaquarium: Architect’s Collection is out now with 15 new animals | GamingOnLinux

        Megaquarium: Architect’s Collection is a new and exciting sounds expansion pack for the impressive aquarium building game that’s now available.

        Developed by solo-studio Twice Circled from Tim Wicksteed, released originally in 2018 Megaquarium is their second game following on from Big Pharma in 2015. You can pick from tons of different species to house in your exhibits, satisfy their needs and don’t let them die, all while you try to keep your guests happy and busy. This new expansion gives players new ways to build up your aquarium spaces with bridges, archways, tunnels and more along with new creatures.

      • Valve Shares New Steam Deck Details, Proton Update Available For Testing – Phoronix

        Valve today hosted the much anticipated Steam Deck Development Livestream where they and their partners at AMD talked more about the forthcoming Steam Deck’s hardware and software.

        The recording from the livestream is embedded below for those interested, but some of the key takeaways from today’s developer-focused Steam Deck event included…

      • Halloween Game Lets You Shoot Zombies With A Laser-Powered Crossbow | Hackaday

        Suppose you were looking for all the essential elements to make a great Halloween-themed shooting game. Zombies? Check. Giant “lasers”? Check. Crossbows shooting forks? We’ve got you covered. Check out “Fork The Zombies“, which was set up by [piles.of.spam] to entertain the neighborhood kids this Halloween.

        The game is played on a big screen, which shows a horde of angry zombies marching toward the player, who has to shoot as many as possible before they reach the front of the screen. The weapon provided is a crossbow; when the trigger is pulled, a fork is launched and hopefully skewers one of the ghouls. The game was written using an open-source engine called Urho3D, which takes care of all the hard-core 3D and physics work, allowing the user to focus on designing the gameplay and visuals.

      • Valve Says SteamOS 3.0 Will Be Available for Everyone to Download and Install

        SteamOS was available to download for free, like many other GNU/Linux distributions out there, and you were able to install it on any machine if you wanted to turn it into a full gaming computer. I personally followed its development, and the latest version ever released was SteamOS 2.195, more than two years ago.

        Apparently, during this time, Valve rebased their SteamOS distro on Arch Linux, a powerful and flexible rolling-release distribution, most probably to provide users with the latest security and software updates as soon as their are available upstream.

      • Forza Horizon 5 now runs on Linux, sort of

        Forza Horizon 5 is one of the biggest games of the year and has seen unprecedented player numbers and rave reviews. The PC version it’s fair to say has had some issues, but the fact it’s available through Steam also opened up the possibility of playing on Linux, and therefore Steam Deck, thanks to Valve’s Proton.

        Initially, it was a bust, but these folks don’t sit still for long and already there have been some positive developments. Improvements in the bleeding edge versions of Proton Experimental have enabled Forza Horizon 5 to be played on Linux with some positive reports.

      • Forza Horizon 5 on Linux? Yeah okay fine, Proton Experimental was updated | GamingOnLinux

        So it wasn’t enough that Age of Empires 4 from Xbox Game Studios was now playable on Linux, Proton Experimental has once again been upgraded to get Forza Horizon 5 off the starting line. That’s right, you can now play the latest (and greatest?) from Playground Games and Xbox Game Studios on Linux.

        That was the single change noted in the update notes from Valve for Proton Experimental for November 11. It should work across both AMD and NVIDIA GPUs now too, although it’s all still experimental of course. Buy at your own peril for now but hey — a couple days from release is pretty damn good for the latest title to begin working. Have to hand it to the developers at Valve and CodeWeavers working on Proton, they certainly know their stuff.

      • Steam Deck and Proton: Good & Bad Times Ahead – Boiling Steam

        Steam was released as a beta for Linux nine years ago. While Linux gaming was a niche within a niche before that time, in the years since, gaming on Linux has been only getting better and more convenient. Valve released their own console-like distro SteamOS in 2013, and while it was a mess, distros like ChimeraOS have drastically improved the quality-of-life experience of PC gaming in the living room.

        Valve brought most of their game catalog to Linux, while many Linux gamers were begging developers to port their games over. Some did, most of whom were indie developers, and porting was made easier thanks to engines like Unity and Unreal offering one-click export options. Companies like Feral Interactive, Aspyr, and Virtual Programming did the AAA stuff, bringing titles like Borderlands 2, Bioshock Infinite, the Tomb Raider reboot series, the F1 series, and many more hits to our beloved platform. While some of the ports were hit or miss, it was awesome just seeing the splash screen for GRID Autosport back in 2015 as the game was booting up.

        As it stands today, there are over 60k titles available on Steam. Just a little over 9k (15% of the entire catalog) are available natively for Linux. In late 2017, a few months prior to the announcement of Proton — a collection of tools combined to create the best Windows gaming experience on Linux — the number of Linux titles was at its peak. Slowly over time, however, the number of native titles dropped, as Proton was proving to not only play many titles out-of-the-box, but now game developers didn’t have to spend the time and extra resources to support a secondary platform when Proton took care of most things for them.

      • Live – Building Gaming Server… for everything! – Invidious
      • Barotrauma gets its biggest discount yet and a Steam Free Weekend | GamingOnLinux

        2D co-op submarine death simulator Barotrauma will be having a big sale and a Steam Free Weekend starting later today. Your chance to buddy up with some friends and watch the chaos unfold.

        Barotrauma sends up to 16 players on an underwater journey in a sci-fi submarine in the oceanic depths of Jupiter’s moon Europa. The crew discovers alien wonders and horrors, commands various submarine systems, and fights to survive dangers from both outside and within. The game is continuously being updated and improved.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • Telegrand is a Modern GTK4 Telegram Client for GNOME in Development

          For Ubuntu, Fedora, and other Linux with GNOME desktop, a modern GTK4 Telegram app “Telegrand” is under development.

          Telegrand is the free open-source client written in Rust programming language. By using libadwaita library, it has an adaptive user interface to fit all screen sized.

          Though Telegram has official app for Linux, this new app is worth expecting for GNOME users. As an in-development project, it isn’t considered stable software yet. So far, it supports log in via phone number or using QR code.

    • Distributions

      • 5 Lightweight Linux Distributions to Revive Old Computers

        Many users may have a set of old computers laying around, which they have accumulated over the years. Instead of throwing them at the trash, you should know that you can revive these old computers with lightweight Linux distributions.


        Now a lot of other people and websites may recommend a totally different set of lightweight distributions for you, but in our selection, we didn’t just care for resources usage and the distribution’s ability to work on old hardware.

        Instead, we also cared for the ease of use and your ability as a user to deal with the distribution on daily basis to do your tasks. At the end, the goal is not simply to get an old computer to just work – the goal is to get an old computer to work and do things that you need as someone living in 2021.

        Remember that the definition of an “old computer” varies a lot. A 2014 laptop can almost run any Linux distribution released today, but a 2009 old laptop? Not much. Here, we are talking about hardware which is at most 10 years old.

        So let’s end chatting… Here are our 5 most recommended lightweight Linux distributions for you.

      • New Releases

        • Alpine 3.14.3 released

          The Alpine Linux project is pleased to announce the immediate availability of version 3.14.3 of its Alpine Linux operating system.

      • SUSE/OpenSUSE

        • The future driving is software, the future of software is open source

          ith new entrants and incumbents enlivened by technology, competition is fierce in the auto industry. Yet, it’s how carmakers respond to the digitization, electrification and automation of how we move that will define whether they still exist in a decade’s time.

          Automakers can no longer afford to ignore the reality of CASE – Connected, Autonomous, Shared and Electric driving – and the way it’s already reengineering the competitor landscape. The pace of change is only going accelerate.

        • openSUSE Tumbleweed – Review of the week 2021/45 – Dominique a.k.a. DimStar (Dim*)

          Tumbleweed keeps being predictable when it comes to the update cadence. This week, we could publish 5 fully tested snapshots (1104, 1105, 1106, 1107, and 1110).

      • IBM/Red Hat/Fedora

        • Red Hat Enterprise Linux 8.5 is Heavily Focused on Developers

          Red Hat Enterprise Linux (RHEL) 8.5 brings new features and improvements to help deployments, optimize performance and help risk mitigation.

          Red Hat announced a few days ago the release of the new version of Red Hat Enterprise Linux 8.5. The 8.x branch, which will be supported until at least 2029, is evolving according to a new predictable development cycle, which involves the formation of releases every six months at a predetermined time.

        • RHEL 8.5 delivers key container improvements | ZDNet

          Returning to RHEL basics, its web console, which is based on the open-source Cockpit project, now enables you to live patch the kernel from it. Previously, you could only keep your Linux running while updating the kernel in real-time by using the shell.

          The updated web console also includes an enhanced-performance metrics page. With this, you can more easily identify high CPU, memory, disk, and network resource usage spikes and their causes. In addition, you can also more easily export metrics to a Grafana server for a deeper look at what’s going on in your servers.

          Red Hat is also continuing to integrate its Ansible DevOps program into RHEL. RHEL’s system roles now use Ansible roles and modules to configure, automate, and manage RHEL services.

        • AlmaLinux 8.5 is Here for Those Who Want to Leave CentOS Behind

          AlmaLinux, the Linux distribution designed specifically as a CentOS replacement, just released version 8.5 as its third stable release.

          AlmaLinux OS is an open source, community-governed and forever-free enterprise Linux distribution. It is focused on long-term stability and delivering a robust production-grade platform. It is a production-ready drop-in replacement for the CentOS Linux distribution that will cease to be supported at the end of this year.

          AlmaLinux OS Foundation, the nonprofit that stewards the community owned and governed open source CentOS alternative, today announced delivery of its third stable release within 48 hours of general availability of the upstream Red Hat Enterprise Linux 8.5 release.

        • AlmaLinux 8.5 Is Out, Less Than 48 Hours After Latest RHEL Release

          Less than 48 hours after the release of Red Hat Enterprise Linux 8.5, developers at the RHEL clone, AlmaLinux, pushed their own 8.5 version out the door. This means there’s already a drop in replacement for Red Hat’s latest and greatest, ready for production use without a subscription from Red Hat or anyone else.

        • AlmaLinux OS 8.5 Released with New Repositories and SCAP Profiles, Updated Components

          AlmaLinux OS 8.5 builds on the changes that Red Hat implemented in their Red Hat Enterprise Linux 8.5 release, and also adds two new repositories, including ResilientStorage and Plus, as well as new OpenSCAP Security Guide profiles, including a new profile aligned with the Australian Cyber Security Centre Information Security Manual (ACSC ISM), a new STIG profile compatible with server with GUI installations, and a new French National Security Agency (ANSSI) high level profile.

        • David Cantrell: rpminspect-1.7 released

          rpminspect 1.7 is now available. This release includes a lot of fine tuning and bug fixing as more projects and workflows adopt rpminspect.

          The main feature present in the 1.7 release is the unicode inspection. This inspection has been added in response to the Trojan Source vulnerabilities that were recently disclosed to the public. The inspection checks text files in source RPMs as well as extract source archives for any files containing forbidden Unicode code points. The forbidden code points have to be defined in the rpminspect configuration file. See the data/generic.yaml file for an example configuration block for the unicode inspection. The code points defined there are the bidirectional code points the Trojan Source vulnerability discusses.

        • IBus 1.5.25 is released | DesktopI18N’s Blog

          IBus 1.5.25 is now released and available in Fedora 35.

          # dnf update ibus

          This release changes the default Emoji shortcut key to Ctrl-period, which was Ctrl-Shift-e previously, to follow GTK shortcut keys. MS-Windows provides Super-period shortcut key for Emoji typing and MacOS does Command-Shift-space shortcut key currently.

        • IT careers: 5 steps to get hired before the holidays [Ed: IBM says, create an account with Microsoft to get a job. Red Hat under IBM is not what it once was...]

          One of the biggest misconceptions about job searching is that hiring stops during the holiday period. Job seekers often wait until the beginning of the year to restart their job application process, but there’s no need to take a break.

          Organizations are looking to fill open spots before they close the budget for the end of the year. Many are desperately looking for candidates. By strategically applying for opportunities during the holiday period, you can increase your chances of landing a job even before the start of the next year.

        • Video: The right features make technology more adaptable & adoptable, says Red Hat’s Phil Andrews [Ed: Mostly fluff, maybe Red Hat paid for it too (IBM)]

          Phil Andrews, VP and General Manager, CEMEA Region, Red Hat, shares insights into the findings of the latest ‘The State of Enterprise Open Source’ report and calls on organisations to work with the right vendors to fully maximise the opportunities and innovations within open source communities.

        • Linux and Cloud Native Security: Red Hat’s Perspective [Ed: Red Hat is buying puff pieces (see disclosure at the bottom), just like Microsoft does]

          The Linux Foundation and Red Hat are sponsors of The New Stack.

      • Devuan Family

        • Devuan Chimaera – Back to the future, forward to the past

          The most frustrating thing about this whole deal is that I wasn’t able to get to the point where init matters, to see how it fares and compares to systemd. But then, the live system started in only about 20 seconds from an ancient USB2.0 stick, not different from any other distro. It was blazing fast in the live session. Ugly but fast. Then, I remembered. MX Linux. There’s a Debian-based distro, which is fast, simple, elegant AND uses init. And it boots fast and true. So I can relax.

          Back to Devuan. The experience is quite similar to Debian. It’s not meant for home use unless you’re willing to invest a lot of energy getting everything sorted out nicely. But then, at that point, you might as well use a derivative distro that has been polished, tweaked and made practical by someone else. On top of that, Devuan wouldn’t even boot after the installation, so there’s very little else for me to say. Until the next time.

      • Canonical/Ubuntu Family

        • Snapcraft offline mode – Build snaps while saving data

          As part of the snap creation cycle, the Snapcraft tool creates isolated build instances inside which all of the necessary work – download of sources, compilation, packaging, etc. – is done in a safe manner, without touching the host system. While there are many advantages to the use of the virtual machines (via Multipass) or containers (via LXD) for these tasks, the downside is a fairly liberal use of the network bandwidth to setup and configure the Snapcraft work environment.

          In some scenarios, you may be constrained in your available network throughput or data. To help with that, the latest build of Snapcraft comes with a new, experimental offline mode, designed to minimize the reliance on online sources, and allow you to continue working and building snaps even if you have no access to the network.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Top 5 Open-Source Project Management Tools for Linux

        Different project management software tools come in all shapes and sizes, vary in functionality and deployment models (SaaS or on-premises) but they are always used to collaborate and delegate tasks based on the needs of a team.

        No matter the size of the team and its field of activity, the goal remains the same – assigning project roles and responsibilities to team members, monitoring their progress, and managing the project budget to achieve some valuable results.

      • 16000 curl commmits [Ed: Daniel Stenberg has let Microsoft proprietary software manage his software, which is bad because GitHub is run by people from the NSA]

        Almost 14 months since I celebrated 15,000 commits in curl’s source code repository I have now passed 16,000 commits.

        My commit number 16,000 was a minor man page fix.

        The official gitstats page shows that I’ve committed changes on almost 4,600 separate days since the year 2000.

      • SaaS/Back End/Databases

        • Odyssey 1.2 released

          Odyssey team is pleased to announce the release of Odyssey 1.2, a scalable multi-threaded connection pooler for PostgreSQL\GreenplumDB designed for the cloud.

        • PgBouncer 1.16.1 released

          PgBouncer 1.16.1 has been released. This is a minor release with a security fix.

      • Public Services/Government

        • In the spirit of open government, France dumps 9,067 repos online to show off its FOSS credentials

          Le Gouvernement de la République française – the government of France for Anglophones – has published a website containing 9,067 repositories of FOSS software created by 1,022 organisations and groups in the French public sector.

          After two years of work, the site hit version 1.0 on Wednesday.

          Helpfully for non-Francophones, the homepage and much of the info is in English – although saying that, just to warn you, the same isn’t true of all the background information and the various organisational pages we’re about to link to.

          The site is run by Etalab [Fr], which is a department of DINUM [Fr], the Interministerial Digital Directorate, and the software is released under Etalab’s Open License 2.0 – defined in English in this PDF file.

          The release happened as a result of a decree [Fr] of Open Government [Fr] from 30 October 2019 after the French government joined the Open Government Partnership in April 2014.

        • Applying EU Open Source Policy in the United States

          As we reported previously, a study from the European Commission investigating the impact of open source software (OSS) and hardware estimated that a €1 billion investment in open source software resulted in an impact of between €65 and €95 billion on the European economy. The report also outlined extensive recommendations for enabling future EU growth of open source hardware and software.

          A recent article by Frank Nagle for the Brookings Institution further examines the study in terms of U.S. digital infrastructure and in light of the bipartisan infrastructure bill.

      • Programming/Development

        • Qt Online Installer 4.2.0 released

          We are happy to announce that Qt Installer Framework, Qt Online Installer and Qt Maintenance Tool 4.2.0 have been released.

        • Perl/Raku

          • Perl Weekly Challenge 138: Workdays and Split Number
          • The Ephemeral Miniconf

            The Ephemeral Miniconf is planned on thursday 18th of november 2021!

            Have you heard about The Ephemeral Miniconf ?

            It’s a Perl/Raku free and online miniconf that will take place on Zoom!
            Think “TPRCiC” but smaller with only one track :)

          • Util::H2O ~ Iterative Refinement of Existing Perl Code

            Util::H2O is an incredibly powerful tool for managing HASH references in a more natural way.

            This post is the first of several that will explore this awesome module. I’ve started using it quite a bit in both new code and in existing code. There are several imporant cases where it really shines. Here we explore the power it has to iteratively refine existing code. It’s also fun and easy to introduce into existing code.

            Util::H2O provides a method called h2o that provides a very powerful way for turning a hash reference to an object. Generally speaking, this means I get accessors with as few keystrokes as possible.

  • Leftovers

    • Education

      • Educational Gag Orders

        Between January and September 2021, 24 legislatures across the United States introduced 54 separate bills intended to restrict teaching and training in K-12 schools, higher education, and state agencies and institutions. The majority of these bills target discussions of race, racism, gender, and American history, banning a series of “prohibited” or “divisive” concepts for teachers and trainers operating in K-12 schools, public universities, and workplace settings. These bills appear designed to chill academic and educational discussions and impose government dictates on teaching and learning. In short: They are educational gag orders.

        Collectively, these bills are illiberal in their attempt to legislate that certain ideas and concepts be out of bounds, even, in many cases, in college classrooms among adults. Their adoption demonstrates a disregard for academic freedom, liberal education, and the values of free speech and open inquiry that are enshrined in the First Amendment and that anchor a democratic society. Legislators who support these bills appear determined to use state power to exert ideological control over public educational institutions. Further, in seeking to silence race- or gender-based critiques of U.S. society and history that those behind them deem to be “divisive,” these bills are likely to disproportionately affect the free speech rights of students, educators, and trainers who are women, people of color, and LGBTQ+. The bills’ vague and sweeping language means that they will be applied broadly and arbitrarily, threatening to effectively ban a wide swath of literature, curriculum, historical materials, and other media, and casting a chilling effect over how educators and educational institutions discharge their primary obligations. It must also be recognized that the movement behind these bills has brought a single-minded focus to bear on suppressing content and narratives by and about people of color specifically–something which cannot be separated from the role that race and racism still plays in our society and politics. As such, these bills not only pose a risk to the U.S. education system but also threaten to silence vital societal discourse on racism and sexism.

    • Hardware

      • Three-Dimensional Design Yields Compact Seven-Segment Hex Displays | Hackaday

        Computers, from the simplest to the most complex, aren’t very useful if they can’t provide feedback to a user. Whether that interface takes the form of a monitor, a speaker, or a simple LED, there’s almost always some kind of output. One of the most ubiquitous is the ever-present seven-segment display. They’re small, they’re easy to use, and, perhaps most important, they’re cheap.

      • Is This 12-layer PCB Coil The Next Step In Ferrofluid Displays? | Hackaday

        [Applied Procrastination] is in the business of vertical ferrofluid displays, but struggles somewhat with the electromagnets available off the shelf and the proliferation of wiring that results. [Carl Bugeja] is in the business of making PCB coils, both with rigid and flex PCB substrates, so when the opportunity for a collaboration arose, [AP] jumped at the opportunity.

      • The Scrolling Orb

        The evolution of the trackball, which is more than an upside-down mouse. It’s the Royal Canadian Navy’s greatest gift to modern-day computing. Really.

        Ever find yourself in a bar with a single arcade machine, and the machine is inevitably not targeting gamers? Like, rather than, say, a fighting game or something iconic like NBA Jam or even Donkey Kong, it’s either a variation of Big Buck Hunter, a bowling game like Silver Strike Bowling, or a golf game like Golden Tee. These games, of course, aim for a wide audience, quite literally in the case of Big Buck Hunter. But the golf and bowling games are notable, really, because of their control method—they don’t use a joystick; they use a massive trackball. As far as input devices go, the trackball is perhaps the nerdiest, and therefore the most interesting. It’s also older than you might expect. Today’s Tedium is gonna tell you all about it—and why it’s not just a glorified mouse. — Ernie @ Tedium

    • Integrity/Availability

      • Proprietary

        • Reasons to use WSL2 on Windows 11.

          (From a joke I made on IRC. I bet I get banned from #windows on Libera Chat shortly.)

        • Forbes: ‘Desperate’ Microsoft Making It Harder To Switch Windows 11 Browser
        • Security

          • This Week in Security: Unicode Strikes, NPM Again, and First Steps to PS5 Crack [Ed: Microsoft keeps serving malware through NPM and the media keeps blaming the victims, who basically receive malicious software because of Microsoft]

            Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.


            Last week, the coa and rc packages temporarily updated to versions containing malicious code. The timing, and nearly identical added code, indicates that it was the same individual or group behind both packages. While the malware seemed to be non-functional on some systems, it should be assumed that anywhere these malicious versions were deployed is compromised. At a combined 20 million weekly downloads for these two packages, there are sure to be many compromises, even given the short time the malicious packages were available on the 4th. NPM was hosting the malicious version of coa for one hour and twelve minutes. The rc package pushed the malicious update a couple hours later, and it’s unclear how long that version was available.

            The malicious code was run using a preinstall script, which seems to be the common vector for these hacks. There have been suggestions that install scripts should be disabled by default. While that would prevent these very simple attacks, it wouldn’t actually protect against the underlying problem. Supply chain attacks are a growing problem, but they seem to be particularly problematic in the world of full-stack JavaScript. If the popularity of node.js and npm are to continue, we will need a better solution to this pernicious problem.

          • Security updates for Friday

            Security updates have been issued by Debian (node-tar, postgresql-11, postgresql-13, and postgresql-9.6), Fedora (autotrace, botan2, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, pfstools, php-pecl-imagick, psiconv, q, R-magick, radeontop, rss-glx, rubygem-rmagick, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, and WindowMaker), Mageia (kernel, kernel-linus, and openafs), openSUSE (kernel), Red Hat (freerdp), SUSE (bind and kernel), and Ubuntu (openexr, postgresql-10, postgresql-12, postgresql-13, and samba).

          • CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations

            CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution or information exposure.

            CISA encourages users and administrators to review ICSA-21-315-02: Multiple Data Distribution Service (DDS) Implementations and apply the necessary updates as quickly as possible.

          • MacOS Zero-Day Used against Hong-Kong Activists

            Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

          • Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users

            Google researchers caught hackers targeting users in Hong Kong exploiting what were at the time unknown vulnerabilities in Apple’s Mac operating system. According to the researchers, the attacks have the hallmarks of government-backed hackers.

            On Thursday, Google’s Threat Analysis Group (TAG), the company’s elite team of hacker hunters, published a report detailing the hacking campaign. The researchers didn’t go as far as pointing the finger at a specific hacking group or country, but they said it was “a well resourced group, likely state backed.”

            “We do not have enough technical evidence to provide attribution and we do not speculate about attribution,” the head of TAG Shane Huntley told Motherboard in an email. “However, the nature of the activity and targeting is consistent with a government backed actor.”

          • Reproducible Builds (diffoscope): diffoscope 191 released

            The diffoscope maintainers are pleased to announce the release of diffoscope version 191. This version includes the following changes:

            [ Chris Lamb ]
            * Detect XML files as XML files if either file(1) claims if they are XML
              files, or if they are named .xml.
              (Closes: #999438, reproducible-builds/diffoscope#287)
            * Don't reject Debian .changes files if they contain non-printable
              characters. (Closes: reproducible-builds/diffoscope#286)
            * Continue loading a .changes file even if the referenced files inside it do
              not exist, but include a comment in the diff as a result.
            * Log the reason if we cannot load a Debian .changes file.
            [ Zbigniew Jędrzejewski-Szmek ]
            * Fix inverted logic in the assert_diff_startswith() utility.

          • diffoscope 192 released
          • SSH through host in the middle

            Following command will ssh through host in the middle. Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.

          • Microsoft: New security updates trigger Windows Server auth issues
          • Open Source Project Aims to Detect Living-Off-the-Land Attacks
          • Microsoft Intune bug forces Samsung devices into non-compliant state
          • ‘Lyceum’ Threat Group Broadens Focus to ISPs
          • ClusterFuzzLite: Continuous fuzzing for all

            In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. NIST’s guidelines for software verification, recently released in response to the White House Executive Order on Improving the Nation’s Cybersecurity, specify fuzzing among the minimum standard requirements for code verification.

          • ClusterFuzzLite: Continuous fuzzing for all (Google Security blog)

            Over on the Google Security blog, Jonathan Metzman announced the release of ClusterFuzzLite, which is “a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before”. ClusterFuzzLite is a descendant of OSS-Fuzz, which we looked at in 2017.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

          • Privacy/Surveillance

            • 1.8 TB of Police Helicopter Surveillance Footage Leaks Online

              LAW ENFORCEMENT USE of surveillance drones has proliferated across the United States in recent years, sparking backlash from privacy advocates. But newly leaked aerial surveillance footage from the Dallas Police Department in Texas and what appears to be Georgia’s State Patrol underscore the breadth and sophistication of footage captured by another type of aerial police vehicle: helicopters.


              The footage the group released Friday, samples of which were viewed by WIRED, shows helicopters operating during the day and at night, capturing everything from vistas high overhead to cars lined up at a McDonald’s drive-through, and individuals standing in their yards or on local streets. The leak illustrates the inherent risk of collecting and retaining sensitive footage that could be breached.

              “This is exactly one of the things that people are constantly warning about, especially when it comes to government surveillance and corporate data mining,” Best told WIRED in a text message interview. “Not only is the surveillance itself problematic and worrisome, but the data is not handled in the ideal conditions we’re always promised.”

              The vast majority of the leaked footage appears to come from the Dallas Police Department. In response to three screenshots from the leak, DPD public information officer Brian Martinez wrote in an email that “the pictures show screenshots of video from the department helicopter.” He declined to comment about DPD’s data storage practices, including how long the department retains helicopter surveillance videos. “Due to security measures, we are not able to discuss data storage,” he wrote. “All video from the helicopter is available to any person requesting the video through the Open Records Act.”

    • Defence/Aggression

      • To Avoid Armageddon, Don’t Modernize Missiles—Eliminate Them

        The single best option for reducing the risk of nuclear war is hidden in plain sight. News outlets don’t mention it. Pundits ignore it. Even progressive and peace-oriented members of Congress tiptoe around it. And yet, for many years, experts have been calling for this act of sanity that could save humanity: Shutting down all of the nation’s intercontinental ballistic missiles.

        Four hundred ICBMs dot the rural landscapes of Colorado, Montana, Nebraska, North Dakota, and Wyoming. Loaded in silos, these missiles are uniquely—and dangerously—on hair-trigger alert. Unlike the nuclear weapons on submarines or bombers, the land-based missiles are vulnerable to attack and could present the commander in chief with a sudden use-them-or-lose-them choice. “If our sensors indicate that enemy missiles are en route to the United States, the president would have to consider launching ICBMs before the enemy missiles could destroy them. Once they are launched, they cannot be recalled,” former Defense Secretary William Perry warns. “The president would have less than 30 minutes to make that terrible decision.”

    • Environment

      • Fake Fake Exposes Real Fakes – Tricksters in an age of dirty tricks

        In what would have been a monumental first for the group, the Yes Men supposedly got an absurd fake company — “YASAVA,” producing “bespoke airplane couture” for private corporate fleets — accepted into two official COP26 “Net Zero” programs: the Race to Zero and Science-Based Targets initiatives (which also, incidentally, include Maersk, Chevron, Halliburton, Delta, United, American, DL Piper, Edelman, JP Morgan, Hitachi, Iberdrola, Unilever, and thousands more climate luminaries from the transport, mining, and fossil energy sectors).

        The “fake” Yes Men release went out at 8am GMT Monday, Nov. 8 and was soon followed up with a (fake) “reveal” from our partners in crime, Glasgow Calls Out Polluters (GCOP), who simultaneously released their (very real) report, “Race to Zero (credibility),” about the same two COP26 “net zero” initiatives.

    • Finance

      • How the Super Rich Changed a City, For Better or Worse | Time

        On the steps of city hall, Mayor David Anderson hollered a guttural “Wahhh!!!” and shot his arms into the sky to celebrate, looking like an inflatable air dancer blowing in the wind.

        “Four! Hundred! Million! Dollars!” he shouted, in July, to city residents in Bronson Park, a leafy plaza adorned with bronze busts and plaques honoring pioneers and philanthropists.

        Anonymous donors had just given what is thought to be the largest-ever gift to support a municipality, and for city officials, it felt like winning the lottery. It was also a win for two of Kalamazoo’s richest men, philanthropists William Parfet and William Johnston, who created the foundation that received the money and that will determine how most of it is spent.

      • What the Hell Is ‘Right-Clicker Mentality’?

        Every new subculture eventually develops its own language, and the people buying and selling NFTs are no different.

        The blockchain scene is full of crypto-heads spouting phrases like WAGMI (we are going to make it), cope, and GM (good morning). Sometimes a subculture will produce a new phrase or buzzword so beautiful it gets adopted by the wider culture. So it is with “right-clicker mentality.”

        An NFT-bro using the phrase “right-clicker mentality” went viral on October 26 on Twitter while talking about Salt Bae. If you aren’t familiar, Salt Bae is a Turkish chef named Nusret Gökçe who went viral in 2017 for the way he sprinkles salt on meals. His restaurants boomed on the back of his internet success and now he charges tens of thousands of dollars for gold-encrusted steaks at his London location.

        A popular genre of post online right now teaches you how to make Salt Bae-quality meals at bargain prices. In one video, a man recreated one of Salt Bae’s $2,000 steaks for about $90. A NFT fan apparently felt that this was an example of what they called a “right-clicker mentality” and took to Twitter to share their frustration.

        “This is a great example of right-clicker mentality,” Midwit Milhouse said on Twitter. “Sure, you can make your own gold-coated steak for 65GBP, but then you don’t have the satisfaction, flex, clout that comes from having eaten at Salt Bae’s restaurant. The value is not in the cost of the steak. Go ahead, make yourself a gold-coated steak at home. Post a picture of it on Instagram. See how much clout it gets you. Salt Bae’s dish costs around 1500GBP because people want to pay 1500 GBP to show off that they can afford to pay that much. It’s all about the flex.”

      • A mainnet swap and its subsequent domino effects led the price of this token to 5x in a month

        A system modeled after Linux operations strives to improve institutional adoption, the next step in the technology’s mainstream usage.


        aelf is designed as a customizable OS, the equivalent of a “Linux system” for blockchain. Considering Linux as an example, the Linux Kernel and other Linux versions make up a greater Linux family. The Linux Kernel addresses the critical parts within this family, while other developers can address the customized systems. aelf operates with a similar system, where the whole network is built in the platform’s innovative multi-library selection structure, enabling unlimited scalability and lower costs.

    • AstroTurf/Lobbying/Politics

      • Cory Doctorow: The Unimaginable

        Margaret Thatcher was the least science-fictional world leader in modern history.

        Her motto was “There is no alternative,” a phrase she repeated so often it became an acronym: “TINA.”

        She was referring to capitalism, asserting that there is no conceivable alternative. It was a cheap but remarkably effective rhetorical device, treat­ing a demand as an observation. The true meaning of TINA isn’t “No alternative is possible,” but rather, “Stop trying to think of an alternative.”

        I mean, thinking of alternatives is literally my job.

        TINA is part of a philosophy, “capitalist realism,” a phrase coined by Mark Fischer in the early 2000s. Fischer said that capitalist realism is best captured in the quote “It is easier to imagine an end to the world than an end to capitalism” (this quote has been vari­ously attributed to the philosopher Slavoj Žižek and the literary critic Fredric Jameson).

        Žižek (or possibly Jameson) got a lot closer to the problem than Thatcher ever did. For while it’s easy to imagine something after capitalism, imagining capitalism’s sunset is far harder.

Links 12/11/2021: PipeWire 0.3.40 and FreeBSD 12.3 RC1

Posted in News Roundup at 7:14 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Librem 14 EC Upgrade Hardware Method

        Librem 14s shipping today are already running the latest and greatest EC firmware. For those that already have their Librem 14, keeping your Librem EC firmware updated is simple with our ISO upgrade method. Still, for those needing to recover or test development EC builds, this video will explain how to upgrade your EC with a chip programmer.

      • System76 is developing its own Pop OS desktop in Rust – itsfoss.net

        System76 seems to want to become the Apple of Linux, with all the differences that being based on open source software supposes … more or less, because there is everything. Thus, while on the one hand it is announced that the company is developing its own desk , on the other it is denounced

        But let’s start at the beginning: System76, the Apple of Linux? It is a way of speaking. They were one of the first brands to sell Linux computers; they later promoted their own Ubuntu-based distribution, Pop! _OS ; They adapted GNOME to their demands, modifying it and renaming it COSMIC … Which did not take shape until recently , it should be noted … And now they announce the intention of developing their own desktop.

      • System76 is a toxic collaborator, denounced from GNOME

        And what does GNOME say about System76’s plans to create its own desktop ? Any. He says it about something else, although it is not exactly GNOME as an organization – although it could well be – the one that raises its voice, but Chris Davis, one of its developers in an extensive article entitled “System76: a case study on how not to collaborate with the upstream «.

        «The following post was written in the context of the events that occurred in September. […] I waited hoping that we could come to a happy ending with System76. As time passes, that hope has faded. Attempts to connect to System76 have not been productive, and I think we’ve let the impression that GNOME has been given to the tech community linger too long, ”Davis begins.

        Davis accuses System76 of launching FUD ( fear, uncertainty and doubt , as is) against GNOME , but also against specific people in the GNOME environment as a result of the debates about the future of the project that led to the noted GNOME Way article. It is also not the first time that System76 acts like this, according to Davis, who has lost his confidence in the company correcting its ways.

      • Open Up: Contributions and Collaborations

        Hello fellow space travelers! It’s been a while since we catalogued all of our goings on here on Starship Pop!_OS, so we thought it might be a good time to highlight what our upstream contributions have looked like over the last couple of years. We’ve been logging some major light years! Have a look.

      • The Chrome OS virtual keyboard is joining the dark side, adding Linux app support, and more [Ed: Google 'reinventing' the same thing it took away when it chopped down Gentoo to make its spyware]

        The Chrome OS virtual keyboard – the on-screen typing experience – has undergone plenty of changes for the better over the past year. In Chrome 85, it got a major facelift featuring key borders (love it or hate it) and even became resizable. While we knew it was going to receive light and dark mode at some point, the most we knew for sure is that it would coincide with the release of light and dark mode for the entire operating system.

    • Server

      • Huawei hands its cloud Linux to China’s only open source foundation

        Huawei has donated the cut of Linux it created to run on its cloud, and silicon, to China’s only open source foundation.

        The Chinese giant’s OS is called EulerOS and is derived from CentOS. EulerOS runs on x86 silicon but is tuned for top performance on the Arm64 architecture – which is what Huawei uses in the Kunpeng 920 CPUs it designed to power its own servers, cloud, and even the occasional laptop.

        Huawei’s list of the operating system’s features and benefits states it includes KVM virtualization, ext4, the GFS2 cluster file system, systemd, Linux containers, and can manage user identities across Linux, UNIX, and Windows domains to help with your SSO needs.

        EulerOS also comes in an edition called OpenEuler that’s maintained by a community said to comprise 7,233 contributors, 274,993 users, and 10 vendors that package the OS.

    • Audiocasts/Shows

    • Kernel Space

      • DAMON-Based Memory Reclamation Merged For Linux 5.16 – Phoronix

        Following Amazon’s DAMON being merged in Linux 5.15 as a data monitoring access framework, being merged for Linux 5.16 is an addition building on top of that for memory reclamation when experiencing system RAM pressure.

        Merged as part of Andrew Morton’s patch series for Linux 5.16 is DAMON-based memory reclamation that has been under review on the kernel mailing list the past few months.

        This proactive reclamation of memory pages can help under light memory pressure and makes use of Amazon’s DAMON framework for determining the cold pages on the system to reclaim.

      • Graphics Stack

        • David Airlie Hacking On Intel Vulkan Video Decode, Crocus Gallium3D VA-API – Phoronix

          Red Hat’s David Airlie has been working on early support for Vulkan Video API support with Mesa’s Radeon “RADV” driver while the past week he spent time working on similar treatment for Intel’s open-source “ANV” Vulkan driver and also resurrecting some unfinished VA-API video acceleration code he was working on for the Intel Crocus Gallium3D driver.

          Airlie was able to make some progress getting Intel Vulkan Video API acceleration working for the open-source Mesa Vulkan driver. With H.264 video decoding he is seeing some success now but still battling issues.

        • Dave Airlie (blogspot): h264 video decoding: i-frames strike back

          Last week I mentioned I had the basics of h264 decode using the proposed vulkan video on radv. This week I attempted to do the same thing with Intel’s Mesa vulkan driver “anv”.

          Now I’d previously unsuccessfully tried to get vaapi on crocus working but got sidetracked back into other projects. The Intel h264 decoder hasn’t changed a lot between ivb/hsw/gen8/gen9 era. I ported what I had from crocus to anv and started trying to get something to decode on my WhiskeyLake.

          I wrote the code pretty early on, figured out all the things I had to send the hardware.

          The first anv side bridge to cross was Vulkan is doing H264 Picture level decode API, so it means you get handed the encoded slice data. However to program the Intel hw you need to decode the slice header. I wrote a slice header decoder in some common code. The other thing you need to give the intel hw is a number of bits of slice header, which in some encoding schemes is rounded to bytes and in some isn’t. Slice headers also have a 3-byte header on them, which Intel hardware wants you to discard or skip before handing it to it.

          Once I’d fixed up that sort of thing in anv + crocus, I started getting grey I-frames decoded with later B/P frames using the grey frames as references so you’d see this kinda wierd motion.

        • Mike Blumenkrantz: Real Benchmarking

          That the one true benchmark for graphics is glxgears. It’s been the standard for 20+ years, and it’s going to remain the standard for a long time to come.

    • Applications

      • age – simple file encryption tool by Google

        Encryption software is an important consideration when it comes to protecting your files and folders. Hack attempts and privacy intrusions mean that it’s sensible to ensure that complete strangers don’t gain access to your most personal details stored on your computer.

        There are a number of different approaches you can take to protect your valuable data. For example, disk encryption uses disk encryption software to encrypt the entire hard disk. The onus is therefore not on the user to determine what data should be encrypted, or to remember to manually encrypt files. By encrypting the entire disk, temporary files, which may reveal important confidential data, are also protected. Security is enhanced further when disk encryption is combined with filesystem-level encryption.

      • PipeWire 0.3.40 Released With Better JACK Compatibility

        PipeWire 0.3.40 is out today with various bug fixes but also a number of improvements.

        PipeWire 0.3.40 continues work on enhancing its JACK compatibility with better matching that sound server’s behavior and reworking other code. There are also a number of fixes to its PulseAudio server code.

    • Instructionals/Technical

      • How to run Mariadb with Docker and Docker-Compose

        In this guide we are going to explore how to run Mariadb 10 locally with docker and docker compose. This can be helpful if you want to run Mariadb 10 locally without installing it in your machine or if you want to run multiple versions of Mariadb seamlessly.

      • How to install and use Podman in Debian 11

        Podman is a container engine that’s compatible with the OCI Containers specification. It is part of RedHat Linux, but can also be installed on other distributions. As it’s OCI-compliant, Podman can be used as a drop-in replacement for the better-known Docker runtime. Most Docker commands can be directly translated to Podman commands. Podman implements almost all the Docker CLI commands (apart from the ones related to Docker Swarm).

        Podman complements Buildah and Skopeo by offering an experience similar to the Docker command line: allowing users to run standalone (non-orchestrated) containers. And Podman doesn’t require a daemon to run containers and pods, so we can easily say goodbye to big fat daemons. There are no daemons in the background doing stuff, and this means that Podman can be integrated into system services through systemd.

      • Update Docker Container Automatically When Updating Services

        Imagine this scenario. You host a few web services running in Docker containers. When the web service has a new version release, you fetch the Docker image and update the containers to update the service.

        I have discussed updating Docker containers without downtime earlier but this article is not about upgrading the web apps. This one is about updating the operating system containers themselves.

        Upgrading the OS running in the container manually can be a daunting task from time to time. You must run the relevant upgrade commands yourself on a running container separately to make that happen.

        How about eliminating this extra step and combine the updating of OS along with the updating of the service?

      • How to install Erlang on Rocky Linux/Alma Linux/CentOS 8

        Erlang is a functional, general-purpose, concurrent programming language and garbage-collected runtime environment built for concurrency, fault tolerance, and distributed application architectures. It is supported and maintained by Ericsson OTP product unit.

      • How to Install LEMP Stack with PhpMyAdmin in Arch Linux

        Generally, the term LEMP stack can be broken down to Linux, Nginx, MySQL/MariaDB, and PHP modules. All these listed components have a priceless contribution in mimicking the behavior of a production server.

        We have a hosting environment (Linux), a web server (Nginx), a database engine/server (MySQL/MariaDB), and a scripting language (PHP).

      • How to Install Spotify on Debian 11 Bullseye – LinuxCapable

        Spotify is a digital music streaming service with both free and paid features. It is the world’s largest music streaming service provider, with over 381 million monthly active users, including 172 million paying subscribers, as of September 2021. Spotify can give you instant access to a vast online library of music and podcasts, which is very popular as you can listen to the content of your choice whenever you feel like it.

        In the following tutorial, you will learn how to install the Spotify application on your Debian 11 Bullseye desktop using three different methods.

      • How To Find A Package Version In Linux – OSTechNix

        Even though package management has become easier with the help of graphical package managers, some users always prefer the command line way. There are different commands to find out the package version in different flavors of Linux. Today, in this tutorial, we will be seeing how to find a package version in some popular Linux distributions such as Alpine Linux, Arch Linux and its derivatives, Debian and its derivatives, RHEL and its derivatives.

      • Switch to Dark Mode in Fedora Linux With GNOME Desktop

        Unlike Ubuntu, Fedora offers the actual, vanilla GNOME experience. And that works pretty well. The horizontal layout, the three finger swipe, it’s all good.

        The one thing I don’t like is the default standard theme which is a mix of Adwaita Light (default) theme and the dark shell.

        So, while the notifications and notification area are dark, rest of the system and applications have light theme. And quite honestly, it looks dull for my taste.

      • 8 Different Ways to Know Linux OS Version – Linux Shout

        It’s always crucial to know the Linux version and distribution you’re working with, whether you’re using Linux for personal or business reasons. That way, you’ll know which package manager to use to get new tools and upgrades, as well as which Linux forum to visit if you have any concerns or problems.

        Having the information about the Linux version can help you install the correct security patches and identify the available features in the OS. There are various methods for determining what distribution and version to install on a system. In this tutorial, we will explain different ways to know the Linux os version.

      • Install the Arduino IDE on Linux – PragmaticLinux

        Interested in developing software for your Arduino board in Linux? The Arduino IDE is the recommended tool for developing software and uploading the resulting firmware to your Arduino board. Luckily, the Arduino IDE is developed as a cross-platform solution, meaning that you can also install it on your Linux system. This article explains in detail how you install the Arduino IDE on your Linux PC.

      • How to install Funkin’ Miku Mod on a Chromebook

        Today we are looking at how to install Funkin’ Miku Mod on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • How to install Natron on Elementary OS 6.0 – Invidious

        In this video, we are looking at how to install Natron on Elementary OS 6.0.

      • ‘IP configuration was unavailable’: a laptop cannot connect wirelessly to a router | Fitzcarraldo’s Blog

        I recently switched my ISP from BT to Virgin Media because the speed and reliability of the broadband connection were low. A Virgin Media Hub 3 was supplied as part of the package, and the TV, laptops (Gentoo Linux, Windows 10 and macOS), desktops (Lubuntu and Windows 10), tablets and phones (Android and iOS) could connect to the Hub 3 without any trouble. A few weeks later Virgin Media offered to upgrade the hub to a Hub 4. I don’t look a gift horse in the mouth, so I accepted the offer. The Hub 4 does indeed improve on the already excellent broadband speeds I was getting with the Hub 3. On the downside the Hub 4’s configuration software has a couple of bugs, but I was able to live with them.

        In addition to the above-mentioned hub configuration bugs, one of my laptops (a Compal NBLB2 with Intel Wireless WiFi Link 5300 AGN adapter) running Linux could not connect to the hub via Wi-Fi, even though it had no trouble connecting to the Hub 3. All other devices so far can connect to the Hub 4, so I was scratching my head. The laptop has no trouble connecting to the Hub 4 via Ethernet cable.

      • A sane vim configuration for Fedora – Lukáš Zapletal

        I use vim on everyday basis from 1997 or something like that. My configuration is quite old, clunky, contains things for DOS and Windows even and I should have totally cleaned it up. It still works fine, however, recent reinstallation of my Fedora laptop brought me to the idea to start a new Vim configuration from scratch.

        I am not huge fan of heavily-customized Vim configs. Those configurations you can find in many blogposts, youtube videos or github config repositories. Thing is, when you login to a server that has a “vanilla” vim, things can be hard for people who got used to the custom plugins and other fancy stuff.

        For this reason, I’ve decided to come up with a “sane” Vim configuration. Minimum possible configuration changes and only plugins which ship with Fedora 34+. Here it is.

      • Nginx Performance Tuning – VITUX

        Nginx is a free open source high performing and lightweight web server that is used as the load balancer, reverse proxy, HTTP cache, and mail proxy. Although Nginx is quite new as compared to other web servers, its popularity is rising due to its high performance. With your default Nginx configuration, you might get fast performance but we can boost the Nginx performance at its best by changing some configurations.

        In this article, you will get to know 8 different best ways to boost Nginx for better performance. To demonstrate the example in this article I have installed Nginx on the Ubuntu 20.04 LTS system.

    • Games

      • LEDBOY Is A Retro-Modern Handheld Game | Hackaday

        Back in the 1970s, there were a few LED-based games on the market that were quickly superseded by the rise of LCDs and other fancier technologies. However, [grossofabian] wanted to recreate that classic style of game but with more modern hardware. The result is the LEDBOY, a colorful handheld game built in tribute to that era.

        The handheld is based around the ATtiny 1614 microcontroller, driving a 10×10 array of NeoPixel Nano 2427 LEDs, named for their small 2.4 mm x 2.7 mm form factor. They’re RGB, too, so there’s lots of wonderful colors to play with.

      • Steam Deck vs. Nintendo Switch: Is it a fair fight?

        Ever since the Steam Deck was announced, people have been trying to compare it to the Nintendo Switch. “Is the Deck a Switch Killer?” “Will it satisfy Nintendo fans who’ve been patiently waiting a Switch Pro?” “Will we ever get a third edition of the Deck?” In reality, these two devices serve quite different markets.

      • Valve’s Steam Deck developer event is open to all to watch today at 6PM UTC | GamingOnLinux

        Today (November 12) at 10am PST / 6PM UTC, Valve are hosting the Steamworks Virtual Conference: Steam Deck and you will actually be able to watch. As a reminder, the Steam Deck has been delayed.

        Originally, the announcement made it seem like you had to be a registered Steamworks developer to attend. However, Valve has sent out an email to confirm that “anyone can watch the event, only those signed in with a Steamworks developer account can participate in the live Q&A and chat”. If you will miss it, the sessions will be available archived afterwards. Additionally, Valve said they will release localized versions of the content next week.

      • Godot 3.4, new version of the open source game engine – LinuxStoney

        Godot 3.4 has been published as stable to continue with the development and consolidation of this Open Source graphics engine oriented to video games. Apart from the new features and improvements it brings, we can also highlight the emergence of the project itself, which is gradually making a dent in the scene mainstream after having gone unnoticed during its first years of life.

        For starters, and as far as the kernel is concerned, Godot 3.4 has brought in the validity checks of objects for release builds. Another interesting novelty is that the File API is now capable of manipulating files of more than 2GiB, something that has been introduced with the intention of breaking limitations when dealing with large projects and that has been achieved thanks to the fact that everything has been refactored to use 64-bit unsigned integers, so Godot, as of launch, is capable of loading files up to 8.4TiB .

        Keyboard input support has been improved to more effectively handle different keyboard layouts other than Anglo-QWERTY, for example causing movement key mapping to automatically switch from WASD to ZQSD on AZERTY keyboards. used in France and other French-speaking areas.

        To finish off the kernel, the have been ported back AES-ECB and AES-CBC encryption and decryption methods to add cryptographic features , so “Godot can now save and load public keys, sign and verify a hash with an RSA key. and encrypt and decrypt RSA keys ”.

      • Valve adds documentation for Steam Deck development, suggests Manjaro Linux for now | GamingOnLinux

        With the Steam Deck delayed until February 2022, Valve has produced new developer documentation giving a helping hand to devs interested in testing ready for it using Linux.

        They’re not quite ready to put out SteamOS 3 Linux just yet (which is what the Steam Deck uses), or even an official developer image to install but “soon” something should be available in that way. Until then, they’ve come up with a way for developers to test everything on Linux a little easier.

        It starts by going over the already expected essential things like gamepad input and resolution support but this time there’s more detail on actually testing it on a Linux system. Specifically, Valve are now suggesting developers go for Manjaro KDE, as it’s also based on Arch Linux and has the same Plasma desktop as you will find in the desktop mode with SteamOS 3 on the Steam Deck.

      • Baba Is You gets a level editor in a free update this month | GamingOnLinux

        Baba Is You, one of my most favourite puzzle games ever, is set to finally see the big level editor update on November 17 as a free upgrade for all owners.

    • Distributions

      • [Old] In His Own Words: Gary KIldall

        There is more, however. In 1993, the year before his untimely death, Gary wrote a draft of a memoir titled Computer Connections: People, Places, and Events in the Evolution of the Personal Computer Industry. He distributed bound copies to family and friends, with a note that it “will go to print in final form early next year.” It never did.

      • [Old] Kildall Manuscript [incomplete]

        Of course, CP/M went through many “versions” like the major and minor ones that I already talked about. In 1978, there was a lot of pressure to make a new one. The pressure came from manufacturers that were using the smaller 5-1/4″ disks, like the ones that were introduced with Woz’s Apple II. And, our OEMs were pushing for a new standard BIOS for the small disks.

      • BSD

        • FreeBSD 12.3-RC1 Now Available
          The first RC build of the 12.3-RELEASE release cycle is now available.
          Installation images are available for:
          o 12.3-RC1 amd64 GENERIC
          o 12.3-RC1 i386 GENERIC
          o 12.3-RC1 powerpc GENERIC
          o 12.3-RC1 powerpc64 GENERIC64
          o 12.3-RC1 powerpcspe MPC85XXSPE
          o 12.3-RC1 sparc64 GENERIC
          o 12.3-RC1 armv6 RPI-B
          o 12.3-RC1 armv7 BANANAPI
          o 12.3-RC1 armv7 BEAGLEBONE
          o 12.3-RC1 armv7 CUBIEBOARD
          o 12.3-RC1 armv7 CUBIEBOARD2
          o 12.3-RC1 armv7 CUBOX-HUMMINGBOARD
          o 12.3-RC1 armv7 RPI2
          o 12.3-RC1 armv7 WANDBOARD
          o 12.3-RC1 armv7 GENERICSD
          o 12.3-RC1 aarch64 GENERIC
          o 12.3-RC1 aarch64 RPI3
          o 12.3-RC1 aarch64 PINE64
          o 12.3-RC1 aarch64 PINE64-LTS
          Note regarding arm SD card images: For convenience for those without
          console access to the system, a freebsd user with a password of
          freebsd is available by default for ssh(1) access.  Additionally,
          the root user password is set to root.  It is strongly recommended
          to change the password for both users after gaining access to the
          Installer images and memory stick images are available here:
          The image checksums follow at the end of this e-mail.
          If you notice problems you can report them through the Bugzilla PR
          system or on the -stable mailing list.
          If you would like to use SVN to do a source based update of an existing
          system, use the "releng/12.3" branch.
          A summary of changes since 12.3-BETA3 includes:
          o A fix to the cd(4) driver to improve TOC access validation.
          A list of changes since 12.2-RELEASE is available in the releng/12.3
          release notes:
          Please note, the release notes page is not yet complete, and will be
          updated on an ongoing basis as the 12.3-RELEASE cycle progresses.
          === Virtual Machine Disk Images ===
          VM disk images are available for the amd64, i386, and aarch64
          architectures.  Disk images may be downloaded from the following URL
          (or any of the FreeBSD download mirrors):
          The partition layout is:
              ~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label)
              ~ 1 GB  - freebsd-swap GPT partition type (swapfs GPT label)
              ~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label)
          The disk images are available in QCOW2, VHD, VMDK, and raw disk image
          formats.  The image download size is approximately 135 MB and 165 MB
          respectively (amd64/i386), decompressing to a 21 GB sparse image.
          Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI
          loader file is needed for qemu-system-aarch64 to be able to boot the
          virtual machine images.  See this page for more information:
          To boot the VM image, run:
              % qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt  \
          	-bios QEMU_EFI.fd -serial telnet::4444,server -nographic \
          	-drive if=none,file=VMDISK,id=hd0 \
          	-device virtio-blk-device,drive=hd0 \
          	-device virtio-net-device,netdev=net0 \
          	-netdev user,id=net0
          Be sure to replace "VMDISK" with the path to the virtual machine image.
        • What every IT person needs to know about OpenBSD Part 3: That packet filter

          ‘Functional, free and secure by default’, OpenBSD remains a crucial yet largely unacknowledged player in the open-source field.

          This series aims to highlight the project’s signature security features and development practices — razor-sharp focus on correct and secure code coupled with continuing code audit — as well as the project’s role as a source of innovation in security practices and an ‘upstream’ source for numerous widely-used components such as OpenSSH, PF, LibreSSL and others. Part 1 focused on the history, Part 2 focused on usage and user experience, and this final part will looks at that packet filter (PF).

          I mentioned PF, the OpenBSD packet filter, earlier. I must confess that PF has been an important part of my life in various contexts since the early 2000s. Over the years, things I have written have contributed to creating the popular but wrong perception that OpenBSD was primarily a firewall operating system. There are a lot of useful and fun features that turned up in or in connection with PF over the years and were pioneered by OpenBSD. Some features were ported to or imitated in other systems, while others remain stubbornly OpenBSD only.

          So I will touch on some of my favourite PF and PF-attached features, in quasi-random but almost chronological order.

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

        • Audacity » PCLinuxO

          Audacity is a program that lets you manipulate digital audio waveforms. In addition to letting you record sounds directly from within the program, it imports many sound file formats, including WAV, AIFF, MP3 and Ogg/Vorbis. It supports all common editing operations such as Cut, Copy, and Paste, plus it will mix tracks and let you apply plug-in effects to any part of a sound. Updated to 3.1.1.

        • Vivaldi Browser » PCLinuxOS

          Vivaldi is a new web browser based on Chromium that is built by an Opera founder. Updated to 4.3.2439.65.

        • Signal Desktop » PCLinuxOS

          Signal Desktop is a private messaging application you can use right from your desktop. Updated to 5.23.1.

      • SUSE/OpenSUSE

        • OpenSUSE is Looking for Candidates to Run for Its Board

          There’s not likely to be anything sexy, like televised debates or nation state cracker hackers attempting to steal emails to influence the outcome, but the openSUSE Project is going to have a board election and they’re looking for a few good candidates to step up to the plate.

          In case you’re new to Linux, openSUSE is the mostly autonomous organization responsible for two Linux distributions based on SUSE, the commercial Linux distribution that’s vying for the “largest independent Linux vendor by revenue” category, now that Red Hat’s technically no longer an independent open source vendor.

      • IBM/Red Hat/Fedora

        • Red Hat 8.5 released with SQL Server and .NET 6 … this is Linux, right? [Ed: Tim Anderson is now painting the RHEL release as if Microsoft owns the whole thing. The Register is a loo, not journalism, and Microsoft Tim is showing his true colours again.]

          Version 8.5 of Red Hat’s Enterprise Linux operating system (RHEL) is out, with updates including .NET 6 and a system role for Microsoft SQL Server, as well as improved container support.

      • Canonical/Ubuntu Family

        • New software for old phones: Pixel 2 gets Android 12 and Ubuntu Touch ports – Liliputing

          The Google Pixel 2 and Pixel 2 XL smartphones were released in 2017 and they were pretty great phones with good performance and excellent cameras. But Google rolled out the last official update for the phones at the end of 2020, which means there’s no official Android 12 build for the Pixel 2 series and the phones no longer receives security updates.

          But independent developers are keeping Google’s hardware alive even after Google has abandoned it. You can now run Android 12 on the Pixel 2 XL thanks to a custom ROM. And if you’d rather try something quite different, Pixel 2 support is coming to the Linux-based Ubuntu Touch operating system. But you should be aware that some features may not be working yet.

        • Free Ubuntu Support Comes To M1 Macs With Multipass Update

          Ubuntu developer Canonical has announced the rollout of an update to its cross-platform VM manager Multipass, adding a free and fast way of running Linux on an M1-powered Mac. The news comes a month after Linux became available to run on Apple silicon ‘as a basic desktop,’ and merely days after reports suggested that Linux kernel 5.16 will include mainline support for the Apple M1 chip’s PCIe controller. Parallels Desktop 17 also offers Ubuntu support on M1 Macs, but the price starts at $79.99. Multipass is free.

          Apart from the aforementioned software, M1 users do not currently have many options to run Linux on their machines. While VirtualBox does not support the M1′s underlying ARM architecture, VMWare Fusion’s Linux support for Apple silicon is still in the preview stage. That makes Multipass a great option for developers interested in running Linux on their M1-powered MacBooks.

        • You’ll float too… If you don’t listen to your IT

          Here’s yet another hint Pennywise was trying to signal – IT has a scary face that we should all dread! If you don’t know who Pennywise is, then you are missing out watching the horrifying clown from the horror movie series It – not IT (Eye-Tee). No wonder it has become the highest-grossing horror film of all time, especially as Pennywise is giving us more scary life aspects to reflect the movie on (like this one)!

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Sponsor Success at Apache: Exploration and Practice of the Apache Way in Tencent

        The Apache Software Foundation (ASF) manages more than 227 million lines of code, has 206 project management committees, leads more than 350 Apache projects and operates through a merit system, with more than 850 members, 8,100+ committers, and tens of thousands of contributors.

        Previously the Apache Group, the ASF has grown to one of the largest open source foundations in the world today. It has built the well-known “Apache Way” through its leadership, sound community, and merit thinking, resulting in a set of schemes that promote the sustainable development of open source communities and guide the practice of open source projects.projects.

        Since Tencent Open Source was created 11 years ago, a large number of Tencent engineers have formed a deep connection with the Apache community by participating and contributing to Apache projects. Furthermore, by learning from the Apache Way, Tencent is going through its open source journey.

      • cURL Releases and Raves by Daniel Stenberg

        • curl 7.80.0 post quantum
        • The curl v8 plan

          For a long time I have been wanting to avoid us to ever reach curl version 7.100.0. I strongly suspect that going three-digits in the minor number will cause misunderstandings and possibly even glitches in people’s comparison scripts etc. If nothing else, it is just a very high number to use in a version string and I believe we would be better off by starting over. Reset the clock so to speak.

          Given that, a curl version 8.0.0 is inevitably going to have to happen and since we do releases every 8 weeks and we basically bump the version number in just about every release, there is a limited amount of time left to avoid the minor number to reach 100. We just shipped curl 7.80.0, so we have less than 20 release cycles in the worst case; a few years.

          A while ago it struck me that we have a rather big anniversary coming up, also within a few years, and that is curl’s 25th birthday.

        • The most used software components in the world

          We can’t know for sure which products are on the top list of the most widely deployed software components. There’s no method for us to count or estimate these numbers with a decent degree of certainty. We can only guess and make rough estimates – and it also depends on exactly what we count. And quite probably also depending on who‘s doing the counting.

          First, let’s acknowledge that SQLite already hosts a page for mostly deployed software module, where they speculate on this topic (and which doesn’t even mention curl). Also, does this count number of devices running the code or number of installs? If we count devices, does virtual machines count? Is it the number of currently used installations or total number of installations done over the years?

        • My first 25 years of HTTP

          I like figuring out even or somehow particularly aligned numbers and dates to celebrate. Here’s another one: today marks the day when httpget 0.1 was released in 1996.

          httpget 0.1 was a tiny command line tool written by Rafael Sagula. It was less than 300 lines of C code. (Today, the product code is 173,000 lines!)

          I found httpget just days after it was released when I was searching for a tool to use for downloading currency rates with from an HTTP site. This was the time before Google existed so I assume I used Altavista or something. I can’t remember actually.

        • Hackad: curl use on TV

          There’s this new TV-show on Swedish Television (SVT) called Hackad (“hacked” in English), which is about a team of white hat hackers showing the audience exactly how vulnerable lots of things, people and companies are and how they can be hacked using various means. In the show the hackers show how they hack into peoples accounts, their homes and their devices.

          Generally this is done in a rather non-techy way as they mostly describe what they do in generic terms and not very specifically or with technical details. But in some short sequences the camera glances over a screen where source code or command lines are shown.

        • curl installations per capita

          I’ve joked with friends and said that we should have a competition to see whom among us have the largest number of curl installations in their homes. This is of course somewhat based on that I claim that there are more than ten billion curl installations in the world. That’s more installations than humans. How many curl installations does an average person have?

          Amusingly, someone also asked me this question at curl presentation I did recently.

          I decided I would count my own installations to see what number I could possibly come up with, ignoring the discussion if I’m actually could be considered “average” in this regard or not. This counting includes a few assumptions and estimates, but this isn’t a game we can play with complete knowledge. But no crazy estimates, just reasonable ones!

        • One new contributor every 3.4 days

          In the curl project we keep track of and say thanks to every single contributor. That includes persons who report bugs or security problems, who run infrastructure for us, who assist in debugging or fixing problems as well as those who author code or edit the website. Those who have contributed to make curl to what it is.

          Exactly today October 4th 2021, we reached 2,500 names in this list of contributors for the first time. 2,500 persons since the day curl was created back in March 1998. 2,500 contributors in 8599 days. This means that on average we’ve seen one new contributor helping out in the project every 3.44 days for almost twenty-four years. Not bad at all.

      • Web Browsers

        • Old Microsoft is back: If the latest Windows 11 really wants to use Edge, it will use Edge no matter what

          Microsoft Windows 11 build 22494 appears to prevent links associated with the Microsoft Edge browser from being handled by third-party applications, a change one developer argues is anticompetitive.

          Back in 2017, Daniel Aleksandersen created a free helper application called EdgeDeflector to counter behavioral changes Microsoft made in the way Windows handles mouse clicks on certain web links.

          Typically, https:// links get handled by whatever default browser is set for the system in question. But there are ways to register a custom protocol handler, for operating systems and web browsers, that defines the scheme to access a given resource (URI).

        • Mozilla

          • A Firefox mobile product manager on her favorite corners of the internet

            Here at Mozilla, we are the first to admit the internet isn’t perfect, but we are also quick to point out that the internet is pretty darn magical. The internet opens up doors and opportunities, allows for people to connect with others, and lets everyone find where they belong — their corners of the internet. We all have an internet story worth sharing. In My Corner Of The Internet, we talk with people about the online spaces they can’t get enough of, what we should save in Pocket to read later, and what sites and forums shaped them.

            First up is Vesta Ware, a staff product manager at Firefox Mobile here at Mozilla on the parts of the internet she can’t stop talking about (and, yes, that includes Firefox).

      • SaaS/Back End/Databases

        • MongoDB 5.1 for DBaaS arrives amid questions over on-prem release stability

          MongoDB, the company behind the document non-relational database of the same name, has released its 5.1 update but only as a managed service.

          While critics voice concerns that bugs from 5.0 have still not been fixed, the NoSQL poster child has pushed on with efforts to accommodate time series data and better support analytics on operational systems.

          The result could be good for users already requiring these features, but is unlikely to usurp rival databases with these performance specialisms.

          MongoDB 5.1 is the first in an “accelerated release cadence” and will only be fully supported on MongoDB Atlas, the company’s database as a service, while being also available to download as a “development release.”

          It features support for globally distributed time series applications through MongoDB’s native sharding to horizontally distribute massive data sets and co-locate nodes.

        • What if … MySQL’s repeatable reads cause you to lose money?

          Well, let me say if that happens because there is a logic mistake in your application. But you need to know and understand what happens in MySQL to be able to avoid the problem.

          In short the WHY of this article is to inform you about possible pitfalls and how to prevent that to cause you damage. pitfalls1

          Let us start by having a short introduction to what Repeatable reads are about. Given I am extremely lazy, I am going to use (a lot) existing documentation from MySQL documentation.

      • Content Management Systems (CMS)<

        • Take the 2021 WordPress Annual Survey (and view the 2020 results)!

          Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide their valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and strategy for the WordPress Project.

          Simply put: this survey helps those who build WordPress understand more about how the software is used, and by whom. The survey also helps leaders in the WordPress open source project learn more about our contributors’ experiences.

        • Bogus “Unsupported Browser” errors on WordPress.com

          Logging in to WordPress.com in GNOME Web 41 from Flatpak results in a page called “Browse Happy” that says I need a different browser.

          This made me unhappy.

          The options are to continue anyway, or learn about supported browsers on https://browsehappy.com/ which implies that not using a “GAFAM” browser puts you at risk on the web.

          I filed a bug report on GNOME Web in the hopes they can add a UA quirk for WordPress that makes it think I use another browser.

      • FSF

        • GNU Projects

          • 8 New Features & Improvements to Expect in GIMP 3.0 Release

            GIMP is one of the best free image editors available for Linux. Not just for users who want a free alternative to Adobe suite, but many professionals use GIMP for artwork, design, and photo editing.

            Even though GIMP offers many essential features and options to work with, many modern alternatives (irrespective of the platform) have popped up that outshine GIMP in several ways.

            And, GIMP 3.0 could be the release that turns the table by putting GIMP as one of the best modern offerings to compete with commercial options available out there.

            This article will discuss the expected features to arrive with GIMP 3.0 release.

      • Programming/Development

        • Managing a Node Applications using PM2

          Hello, friends. In this post, you will learn how to manage Node applications using PM2. Although many developers should already know that thanks to PM2 we will be able to control the application we have already made using NodeJS.

        • Easy!Appointments: A free Self-hosted Appointment Scheduler

          Easy!Appointments is an open-source, free, web-based, self-hosted, event scheduler and appointment manager. It is created by Alex Tselegidis, a software developer from Greece.

          Easy!Appointments syncs events with Google Calendar, and similar calendar services.

          It is a highly customizable, easy-to-use system, written with PHP and uses MySQL. It uses Full-Calendar which is a rich JavaScript calendar library, Moment.js to manipulate time, jQuery, and Bootstrap CSS framework.

        • Python

          • How to manipulate Excel spreadsheets with Python and openpyxl

            Python is a general purpose programming language that needs no presentations. It was originally written by Guido Van Rossum, and saw its first release in the year 1991. At the moment of writing, the latest stable version of the language is 3.10. In this tutorial we see how to use it together with the openpyxl library to manipulate Excel spreadsheets.

  • Leftovers

    • The American Dilemma

      Religious mythology, from the Greeks on down, has been utilized to provide easily interpreted moral imperatives for the guidance of vulnerable, credulous humans. Gog and Magog embodied the power of evil, as symbols of all that was corrupt, perverse, and destructive in human nature, and were dreaded as such.

      Americans are short on mythology now, except for the sleazy, dirty joke of Exceptionalist bullshit, but the Gog/Magog model will serve well in describing one aspect of the waning days of this despicable, moribund empire: its governing political parties.

    • Joanna Hogg and the Art of Life

      When does a life become a story, a narrative legible to those outside it? This question trills at the heart of Joanna Hogg’s The Souvenir (2019) and the new The Souvenir Part II, a two-part film à clef constructed like a precarious house of cards: memories, texts, and ephemera from a life, stacked carefully one upon another in the hope that they hold their shape. The films take their names from Jean-Honoré Fragonard’s rococo 18th-century painting The Souvenir, which shows a woman in a lustrous pink gown carving an initial into a tree; a letter, presumably from her lover, lies on the ground by her feet. It’s an image of willful alchemy—of turning a memory, a feeling, into an object and event in the exterior world. The painting itself reifies a scene in Jean-Jacques Rousseau’s epistolary 1761 novel Julie; or, The New Heloise, about the mercurial passions between a married woman and her former flame—which in turn draws on the medieval tale of the French nun Héloïse d’Argenteuil and, likely, Rousseau’s own romantic entanglements. To this series of artistic transfigurations, Hogg adds her own, constellating personal references as she reconstructs her youth: the 1938 song “A Souvenir of Love” by Jessie Matthews, the films of Powell and Pressburger, period fashion from Manolo Blahnik and Yohji Yamamoto, letters from Hogg’s former lover, 16-millimeter pictures she took in the 1980s. Together, all these objects and invocations comprise a life of the mind, an intellectual history assembled in the hope that it might represent something more than just that: the haphazard accumulations of one’s time on earth.

    • 25 scenes in which the circumstances did not apply

      N1.in the light of a lamppost, a black fence in the background, wearing a long, fabulously well-cut black coat, feet in leather boots, 6’4” over me, he is a pylon

      in his eyes all princesses locked behind heavy-lidded eyes he turns to catchthe silent moonlight so i can shudder at how dark they stayhe tells me his name is meat because he eats meat because he’s from the mountainshe calls me lola he predicts i will regret everything i don’t dohe can’t know that i tell himmy name is dolores and i’m not thinking of anybody

    • Science

      • IFF submits its comments on the Draft Approach Paper for creating a Digital Address Code

        We have provided our comments on the Draft Approach Paper for creating a Digital Address Code. In our comments, we have tried to highlight the governance issues around geospatial data, data protection issues around the use of geospatial data, and potential surveillance and function creep challenges which will arise from DAC. Finally, we recommend that a comprehensive grievance redressal mechanism be provided for complaints against geospatial mapping, that robust security standards and user rights be specified for the DAC database, and that the principle of purpose limitation be followed.


        The latter approach is rather detailed and includes using an algorithm which would allocate the subsequent digits on the basis of habitation density after assessing the population density and designing a geospatial workflow. The DAC would be allotted based on the division of areas into a grid, each of which will comprise of around 300 addresses. Out of the 12 digits, the last digit would be a ‘check digit’ and the immediately preceding four would be identifiers within the neighbourhood. Upto the neighbourhood level, the DAC would be automated but for the final four identifier digits at the neighbourhood level, a ‘system driven consent process’ is proposed.

    • Education

      • Would You Manage 70 Children And A 15-Ton Vehicle For $18 An Hour?

        At year-round, full-time hours — the way the U.S. Bureau of Labor Statistics calculates an annual wage — the average school bus driver makes more than $39,000 a year. But school bus drivers don’t work year-round, full-time hours. “We’re only guaranteed four hours of pay a day,” Steele said.

        There are no paid holidays or sick days, she and other bus industry experts say. Benefits vary from company to company, and there’s no guaranteed work at all in summer. “Spring break is all unpaid. Every teacher-compensatory day, every snow day, any time they cannot pay us they will,” Steele said. She added that a recent, failed unionization effort among the Robbinsdale bus drivers started in part as a fight for snow-day pay.

    • Hardware

      • How To Make A CPU – A Simple Picture Based Explanation

        The purpose of this article is to explain how to make a CPU out of rocks and sand as fast as possible without using too many words. As the world of proprietary hardware and software crushes in around us, we risk losing the ability to make things for ourselves as individuals. It is for this reason that I felt compelled to learn how one could hypothetically make their own integrated circuits by themself. Skip to the end of this article for a few more words on this subject and a disclaimer.

      • Build Your Own HV Capacitors | Hackaday

        Finding high voltage capacitors can be tricky. Sure, you can buy these capacitors, but they are often expensive and hard to find exactly what you want. [RachelAnne] needed some low-value variable capacitors that would work at 100 kV. So she made some.

        Instead of fabricating the plates directly, these capacitors use laminations from a scrap power transformer. These usually have two types of plates, one of which looks like a letter “E” and the other just like a straight bar. For dielectric, the capacitors use common transparency film.

      • Rolling Your Own Long-Range IoT Sensor Network | Hackaday

        Homebrew wireless sensors are nothing new around these parts: grab an ESP8266, hang a BME280 from the I2C pins, and you’re just a few lines of code away from joining the Internet of Things on your own terms. Builds like this are so cheap and easy that they make an excellent first project for folks looking to get into the electronics game, but what if you’re looking for something a bit more bespoke?

        In that case, you could follow in the footsteps of [Discreet Mayor] and put together a custom modular architecture for long-range wireless sensors. The core of the system is a breakout board for the Texas Instruments SimpleLink CC1312 wireless MCU which features a simple 2×11 header connector. This allows the module to either be plugged into a larger board or have a small sensor PCB attached directly to it.

    • Health/Nutrition/Agriculture

      • Hog Futures Soar After Biden Moves to Speed Up Slaughter-Lines, Ignoring Safety Fears

        The Biden administration’s Wednesday announcement allowing several pork processing plants to speed up production was well-received by livestock traders—pleased to see an immediate spike in hog futures—but progressive critics warned that the move will make slaughterhouses, and the nation’s food supply, more dangerous.

        “The Biden administration is caving to industry pressure.”

      • Drug Price Negotiation Is A Second-Best Fix. Here’s What Will Really Work

        As Democrats struggle to bring together 50 votes to pass the Build Back Better Act, a major sticking point with the legislation has emerged. That is, whether it should include provisions changing the law to allow Medicare to negotiate drug prices, with caps on payments set based on prices paid by other wealthy nations.

      • How You Can Report on the Toxic Hot Spots Near You

        Is the community you cover located in or near a hot spot of cancer-causing industrial air pollution? The ProPublica reporters who built the most detailed map of toxic hot spots have created this guide to help journalists across the country illuminate the risks readers face and the remedies they might have to hold government and industry accountable. (For more background, you can learn more about air toxics and read our national overview story.)

        As part of our effort to empower journalists to use this new tool, ProPublica is also hosting a virtual event geared toward journalists where our reporters can answer questions about the map, the underlying data and the shoe-leather reporting techniques they’ve employed. This event will be held on Monday, Nov. 22, 2021, at 3 p.m. Eastern time. Register here. (There will be a separate virtual event for the general public.)

      • NIH Praised for Standing Up to Moderna in Vaccine Patent Fight
      • Democrats in Statehouses Aim to Secure Abortion Rights as “Roe” Faces Threats
      • Federal Judge Overturns Greg Abbott’s Ban on Mask Mandates in Texas Schools

        A federal judge late Wednesday overturned Texas Gov. Greg Abbott’s executive order prohibiting mask mandates in the state’s public schools, arguing the ban violates the Americans With Disabilities Act.

        “The spread of Covid-19 poses an even greater risk for children with special health needs,” U.S. Judge Lee Yeakel of the Western District of Texas, a George W. Bush appointee, wrote in his 29-page ruling. “Children with certain underlying conditions who contract Covid-19 are more likely to experience severe acute biological effects and to require admission to a hospital and the hospital’s intensive-care unit.”

    • Integrity/Availability

      • Proprietary

        • Apple will let users pass on iCloud data when they die
        • Attacker undetected by Qld regional water supplier for nine months

          “The story here is typical: a legacy, more vulnerable system was targeted first. Whilst no critical data was stolen in this instance, with the attackers simply redirecting Web traffic, perhaps a more sophisticated bad actor would have exploited the weakness further.

        • Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach

          Sunwater admitted the cyber breach after the tabling of a Queensland’s Audit Office report into the state’s water authorities, which mentioned the incident but did not say which authority was targeted.

          x Following questions from the ABC, Sunwater confirmed it was the authority affected by the breach revealed in the Audit Office’s report.

        • Judge denies Apple’s request to delay App Store changes.

          A federal judge ruled on Tuesday that Apple could not delay making changes to its App Store, a move that could soon allow app developers to directly communicate with customers about ways to pay for services outside Apple’s ecosystem.

          Calling Apple’s request for a delay “fundamentally flawed,” Judge Yvonne Gonzalez Rogers of U.S. District Court for the Northern District of California warned in her ruling that the company’s strict App Store rules were building toward “antitrust conduct.”

        • Judge orders Apple to allow external payment options for App Store by December 9th, denying stay

          Epic v. Apple judge Yvonne Gonzalez Rogers says Apple must comply with an order to let developers add links and buttons to external payment options, denying the company’s motion for a stay. “Apple’s motion is based on a selective reading of this Court’s findings and ignores all of the findings which supported the injunction,” her new order reads.

          Judge Gonzalez Rogers issued her order after a Tuesday hearing concerning the blockbuster antitrust lawsuit, which Fortnite publisher Epic Games filed in 2020 and which went to trial this year. During the hearing, Apple said it needed more time to rewrite its anti-steering policies — rules that bar app developers from linking to payment methods besides the iOS App Store.

        • [Old] Epic v Apple explained: What the trial is about and what happened in court

          Last year, Epic Games intentionally broke Apple’s rules by putting its own payment processing system in the iPhone version of Fortnite, bypassing Apple’s 30% fee and giving players a V-bucks discount. Apple responded by kicking Fortnite off the iOS App Store, while Epic launched a lawsuit and PR campaign declaring the iPhone maker “anti-competitive.”

          The companies have jabbed at each other for the past year, building their cases. (Epic CEO Tim Sweeney practices his ripostes on Twitter weekly.) Now the time has come to square off in person: The Epic and Apple trial has begun.

          Here’s what to expect from the trial, and what it’s all about in the first place.

        • Judge denies Apple’s request for a stay after Epic trial

          Judge Yvonne Gonzalez Rogers has denied Apple’s request for a stay of the injunction ordering it to let app developers link to non-Apple payment options. The company has 90 days from the verdict to comply.

          As part of the Epic v Apple case that went to court this year, Apple was found to be in violation of California’s Unfair Competition Law. A permanent injunction declared that, “Apple Inc. [...] are hereby permanently restrained and enjoined from prohibiting developers from (i) including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app.”

        • Security

          • Privacy/Surveillance

            • The Delhi High Court directs the CIC to provide a time frame within which our second appeal for information on surveillance orders will be decided

              We have been pursuing information relating to the scope and scale of e-surveillance conducted by the Ministry of Home Affairs since December 2018. The Ministry of Home Affairs (‘MHA’) had originally claimed that the information is exempt for national security, but the Central Information Commissioner (‘CIC’) said that this doesn’t apply – and directed the MHA to hear the matter again. When the MHA heard the matter again, it now claimed that it cannot provide the information anyway, because it has destroyed it! We filed another appeal before the CIC, and also filed a writ petition in the Delhi High Court to protect against further destruction of data in the meanwhile, and highlighting the immense delays faced in the CIC. The Delhi High Court has now directed the CIC to tell the High Court a timeline within which our appeal will be decided.

            • Meta Isn’t Just About Rebranding Facebook: Could It Bring a Dystopian Future?

              Is the launch of Meta merely an attempt at rebranding Facebook after the considerable hit its image has taken with the revelations of Facebook whistleblowers Frances Haugen and Sophie Zhang? Is it to move away from its sullied past and present to an alternate universe, the metaverse that Facebook will create in the future? Does the company want its users to forget about its hate-filled Facebook pages, which fuel the company’s ad-driven business empire, by moving the focus away from the Facebook brand? Or is this move aimed at winning back the young viewers that it is “losing traction” with?

              Facebook’s internal documents, made public by Haugen, reflect this desperation to win back the young users, and they even talk about focusing Facebook’s attention on preteens—children in the age group of 10 to 12—who are viewed as a “valuable but untapped audience.” More importantly, Facebook seems to follow the same logic as the cigarette companies do by targeting children and getting them hooked on smoking. Both Facebook and these cigarette companies seem to believe that once they hook these children onto their products, they stay hooked for life, providing these companies with captive, lifelong customers. Or, in the case of Facebook, this means selling the data of their users, those hooked on Facebook, to advertisers for the lifetime of these users.

            • Lawmakers Choose the Wrong Path, Again, With New Anti-Algorithm Bill

              We need a strong privacy law. We need laws that will restore real competition and data interoperability. And then, we need to have a serious discussion about breaking Facebook up into its component parts. In other words, the federal government should go back and do the rigorous merger review that it should have done in the first place, before the Instagram and WhatsApp purchases.

              It’s unfortunate that lawmakers are, by and large, declining to pursue these solutions. As they express shock and rage at Haugen’s testimony, we continue to see them promote legislation that will entrench the power of existing tech giants and do grievous harm to users’ right to free expression.

              The most recent effort is a bill called the “Justice Against Malicious Algorithms Act” (JAMA Act, H.R. 5596). This proposed law, sponsored by House Energy and Commerce Committee Chairman Frank Pallone (D-NJ) and three others, is yet another misguided attack on internet users in the name of attacking Big Tech.

            • Clearview Officially Kicked Out Of Australia For Violation Country’s Privacy Laws

              Clearview — the facial recognition tech company whose unproven AI runs searches on 10 billion images scraped from the web — has been booted from another country.

            • Belgium, GDPR Superpower, About to Rule Leading Ad Tracking Framework is Illegal

              Back in 2017, Belgium was one of three EU countries that ruled Facebook was breaking their privacy laws. Last year it emerged that Beligum was investigating the real-time bidding (RTB) process that lies at the heart of most online advertising today. The focus of that investigation was something called the Transparency and Consent Framework (TCF) from the leading digital advertising group IAB Europe, which describes its mission as “to lead political representation and promote industry collaboration to deliver frameworks, standards and industry programmes that enable business to thrive in the European market”.

            • Supreme Court to hear ‘secrets’ in case over Muslim surveillance

              Ultimately Monteilh‘s handlers told him to ask about jihad and express a willingness to engage in violence. Those questions caused members of the community to report him to the FBI and other authorities and seek a restraining order against him.

              The FBI has acknowledged Monteilh was an informant, and the story was covered in the news media including on the National Public Radio show “This American Life.”

            • Startpage harasses VPN users….. So much for their privacy claims.

              So that’s nice. “Your access to Startpage has been suspended at this time.”.

              I’ve gotten this a few times while using NordVPN, but it’s happening more and more.

              Why do they want me to drop my VPN if they’re all about privacy?

    • Defence/Aggression

      • Let’s Turn Rising Generations Into War Resisters Rather Than Veterans
      • A Soldiers Home Companion

        “My father lives there,” she said. “The food is great. The rent is cheap. They take care of everything.”

        I’m on two housing lists but figured why not? I filled out an application; two months later I had an interview at the Chelsea Soldiers’ Home in Boston.

      • Day of the Dead

        Eventually everything is doomed. The sun will go Red Giant and devour the Earth. All the stars will eventually flame out and die. Why care? Why not succumb to hedonism and excess, live it up and suck it up. Who gives a flying fuck about some tweety birds, posies and varmints.

        Why? Because the Earth, the stars, the Universe, somehow managed to bring forth these marvelous organic inventions that live and breathe and frolic and mate and fight and eat and hunt and fly and run and howl and sing. Because we are all refugees stranded on one blue marble in the vast cold emptiness, possibly (but unlikely) the only life in all the terrifying wilderness of space. Surely we should look after one another.

      • A Real Day for Veterans

        There are 40,000 homeless veterans in this country. A real day for veterans would address their physical and emotional needs and help them access permanent housing.

        One of every 10 post 9/11 veterans has been diagnosed with a substance abuse problem. A real day for veterans would help them get treatment without stigmatization or shame.

      • Human Rights Advocates Condemn ‘Intolerable’ Abuse of Refugees Trapped at Poland-Belarus Border

        “Vulnerable people are not chess pawns to be used in a geopolitical struggle… European values are dangerously under threat when people are allowed to die from hypothermia at its external border.”

      • Veterans Group on Annual Mission to Reclaim November 11 as Day for Peace

        As countries across the globe mark Armistice Day Thursday, advocacy group Veterans for Peace is on its annual campaign to bring the focus in the U.S. back to the day’s original intent of a celebration of peace.

        “We want to be part of a society that acknowledges peace as the ideal.”

      • Why Did the DoD Abandon a Report Tracking 139 Military Mental Health Programs?
      • Opinion | Honor Armistice Day on November 11th as a Day of Peace

        The first Armistice Day was a celebration of the moment—the 11th hour of the 11th day of the 11th month in 1918—that the brutality of that first industrial war, which robbed 40 million soldiers and civilians of life, ended and peace began.

      • Nuclear Weapons Ban Treaty Tied to ‘Historic Shift’ Away From ‘Perilous Profiteering’

        The latest Don’t Bank on the Bomb report, released Thursday, sheds light on the early impacts of a global treaty banning nuclear weapons worldwide while also exposing the companies and financial institutions responsible for continuing to build up governments’ arsenals.

        “This report looks at those with vested interests to keep a nuclear arms race going.”

      • Class Warfare and Socialist Resistance: Nicaragua, Cuba, Venezuela as Existential Threats to the US

        One of the extreme ironies of the latest attack by the settler-colonial regime of the United States against the national democratic project of Nicaragua is that in Nicaragua, the second poorest nation in the Americas, universal healthcare and education are guaranteed to the population as a human right, while in the U.S. those kinds of basic human rights are distant dreams.

        The day after the so-called progressive block of legislators in the U.S. House of Representatives surrendered to President Joe Biden and the right-wing corporate wing of the party on the Build Back Better legislation that offered some minor and temporary relief for workers and the poor, many of those same “progressives” voted for the RENACER Act. The RENACER Act is a vicious piece of legislation meant to undermine the ability of the Nicaragua government to protect the human rights of its people and to punish the people for having the temerity to support their government and their anti-colonial project.

      • Opinion | American History: Let’s Face the Truth

        When you’re losing the game, summon the commies!

      • ATF Goes On Tour To Teach Journalists That Cops Are Usually Right When They Kill Someone

        The ATF (the accepted not-actually-an-acronym for the Bureau of Alcohol, Tobacco, Firearms and Explosives) is back on its periodic charm offensive. This time the charm seems a bit more forced, as citizens and governments all over the nation are aggressively questioning force use by law enforcement officers.

      • Expel Paul Gosar From Congress

        Arizona Republican Representative Paul Gosar’s posting of an altered anime video that depicted him killing a colleague, New York Democrat Alexandria Ocasio-Cortez, should be the last straw for the most dangerously delusional member of the US House of Representatives.

      • World and Regional Powers Shape the Horn of Africa, Ethiopia Bites the Dust
      • Kurt Vonnegut’s Prescient Insight Into Veterans’ Trauma

        In The Writer’s Crusade: Kurt Vonnegut and the Many Lives of Slaughterhouse-Five (Abrams, 2021), I examine Vonnegut’s masterpiece by going on a biographical and literary journey into the author’s life, from the trauma he experienced in World War II through his career and up to his final years as an ornery New Yorker. I also talk with contemporary authors, such as Tim O’Brien, to shed light on how Vonnegut integrated his experiences and was able to write a “true” war story. The excerpt below is adapted from the book.1

      • ‘Arrogant Insensitivity’: Defense Lawyer in Arbery Murder Trial Ripped for Bid to Bar Black Pastors

        An attorney for one of the three men accused of murdering unarmed Black runner Ahmaud Arbery in Brunswick, Georgia last year raised eyebrows and ire Thursday after asking the presiding judge in the case to exclude Black faith leaders from the courtroom because he believes their presence is “political” and could sway the nearly all-white jury.

        “Asking a judge to bar me or any minister of the family’s choice underscores the disregard for the value of the human life lost and the grieving of a family in need of spiritual and community support.”

      • White Supremacy on Trial: From Rittenhouse in Kenosha to Killers of Ahmaud Arbery, Will They Go Free?

        Kyle Rittenhouse took to the stand on Wednesday before his defense team asked for a mistrial with prejudice in the case. If a mistrial is granted, Rittenhouse cannot be tried again, though the judge did not immediately rule on the request and said jury deliberations could begin on Monday. Now 18 years old, Rittenhouse was 17 when he fatally shot two men and injured one with a semiautomatic rifle during racial justice protests last year in Kenosha, Wisconsin. Rittenhouse is pleading not guilty to six charges, including homicide. While questioned, Rittenhouse broke down in tears, admitting to using deadly force but denying intent to kill his victims, and Judge Bruce Schroeder seemed to side with the defense at a handful of different points during Rittenhouse’s testimony. Meanwhile, the judge’s cellphone went off while the court was in session and played a ringtone for the song “God Bless the U.S.A.” by Lee Greenwood, the opening song played at Donald Trump’s rallies. For more on the Rittenhouse trial, as well as the murder trial for the three men who killed Black jogger Ahmaud Arbery in Georgia, we speak with Elie Mystal, justice correspondent for The Nation, and antiracist activist Bree Newsome Bass. Mystal says Judge Schroeder “has pre-judged the trial in favor of Rittenhouse,” and “that was obvious before the trial.” Newsome Bass says, irrespective of the trials’ outcomes, “the legal system itself is an affront to the notion of justice.” She adds, “What does justice even mean in a system that was established to strip Black people of their humanity and for the greater part of its history has never really held white people accountable for murdering Black people?”

      • Six War Poems by Vietnam Vets

        Our medic works on a young soldier,
        tails of battle dressings tangle around him
        like intestines. On the bulldozers steel track,
        linked like rosary beads,
        a man sits, minus his arm, both legs. Someone’s hands,
        no–my hands–
        pitch the smoke grenade. Through a squall of dust and smoke,
        the chopper’s open door
        beckons. We carry litters,
        all hunched over
        like men in a hailstorm. Gentle cuffs against my thigh.
        A leg…
        from knee to boot, dangles by a strand of flesh.
        It taps to remind me
        of my undeserved wholeness.

        Gary Rafferty served with A Battery, 2nd Battalion, 94th Artillery, Vietnam 1970-71. His fortcoming memoir is Nothing Left to Drag Home: The Siege at Lao Bao During Operation Dewey Canyon II–Lam Son 719, as Told by an Artilleryman Who Survived It. Email: Maddog7337@yahoo.com.

      • Muslim Mafia: Migrant Clans Conquer Sweden – Arab War Zone (Videos)

        The clans control large zones of Swedish cities and towns, effectively lawless areas which police increasingly fear to approach. The crime families, which have thousands of foot soldiers, have been allowed to operate with virtual impunity for years. Swedish judges and prosecutors have been unable or unwilling to stop them, apparently out of fear of retribution. Furthermore, police are terrorized by them and often pressured by the state to remain silent.

      • History accelerates on the banks of the Rhine, the river that waters the heart of Europe. as Islam moves forward.

        When Pastor Klemens Müller looked out the window last week, he couldn’t believe his eyes. A young Afghan was literally emptying his Frauenberg church in Nordhausen. The Afghan, who has lived in Germany for five years, dragged chairs out, emptied the altar, tore up religious and organ music books and did not stop at the cross, which he mutilated. The shattered symbol, Die Welt says, had been saved from the rubble after the bombing of Nordhausen in World War II. It resisted the bombs, not Europe’s masochism.

    • Environment

      • 200+ Global Scientists Urge Immediate Large-Scale Action to Limit Global Warming
      • Over 84 Million People Forcibly Displaced by Climate Emergency, Insecurity, and Violence

        A United Nations agency revealed Thursday that a rising number of people worldwide are fleeing violence, insecurity, and the effects of the climate emergency, with over 84 million relocating within and beyond their home countries during the first half of this year.

        “It is the communities and countries with the fewest resources that continue to shoulder the greatest burden in protecting and caring for the forcibly displaced.”

      • Denmark and Costa Rica Launch Anti-Oil and Gas Alliance at COP26

        A group of countries and regions led by Denmark and Costa Rica have pledged to phase out oil and gas production in a new initiative launched today at the COP26 climate talks in Glasgow.

        Wales, Ireland, France, Greenland, Québec and Sweden have joined the Beyond Oil and Gas Alliance (BOGA) as “core” members, which requires winding down any existing projects by a Paris Agreement-aligned date and not issuing new licences.

      • Anti-Net Zero Activist’s Claim She Was ‘Evicted’ from COP26 Rejected by Organisers

        The head of a new UK climate science denial group calling for a referendum on the country’s net zero goal falsely claimed to have been evicted from COP26 and forced to hide in a toilet earlier this week, according to organisers. 

        Lois Perry, director of CAR26 – which questions whether carbon dioxide has a “significant role in global warming” – appeared on talkRADIO on Monday claiming security tried to “bundle” her out of the press area at the UN climate summit in Glasgow because “they don’t want free speech”. 

      • Iberdrola Criticised for COP26 ‘Greenwash Gimmicks’ While Expanding Gas-Fired Power

        GLASGOW, SCOTLAND — A Spanish energy giant has been criticised for touting its green credentials at COP26 with free solar-powered WiFi booths and a “cycling expedition”, while remaining involved in multiple gas power projects in Mexico.

        Iberdrola helps run an annual cycle ride to UN climate summits backed by the International Energy Agency, which recently called for an end to new fossil fuel developments if the Paris Agreement goals are to be met.

      • ‘Shame On You’: Indigenous Campaigners Demand JPMorgan End Fossil Fuel Finance

        Indigenous activists on Wednesday staged a protest outside JPMorgan Chase headquarters in central Glasgow as pressure on banks to halt oil and gas extraction grows.

        A crowd of over a hundred chanted “enough is enough” and “shame on you” outside the American multinational bank’s office building, just over a mile from where crucial talks at the COP26 climate conference are currently taking place.

      • Opinion | Bill Gates Should Know Better: How the Israeli Occupation Ravages the Environment in Palestine

        Those who are not familiar with how Israel, particularly the Israeli military occupation of Palestine, is actively and irreversibly damaging the environment might reach the erroneous conclusion that Tel Aviv is at the forefront of the global fight against climate change. The reality is the exact opposite.

      • Global Alliance Launches With the Goal of Bringing About the ‘End of Oil and Gas’

        In what environmentalists hope will mark a “turning point” in the global climate fight, a coalition of nations led by Costa Rica and Denmark formally launched the Beyond Oil and Gas Alliance on Thursday with the stated goal of halting all new drilling and ultimately phasing out fossil fuel production for good.

        Announced at the tail end of the COP26 summit in Glasgow, Scotland, BOGA represents the world’s first coordinated diplomatic initiative aimed at keeping planet-warming fossil fuels in the ground, advocates said.

      • Climate Crisis Cannot Be Solved Without Addressing US Military Emissions, Says Ocasio-Cortez

        U.S. Rep. Alexandria Ocasio-Cortez on Wednesday denounced the exclusion of military emissions from national decarbonization pledges, arguing—in concert with scores of climate justice advocates—that ignoring a key source of greenhouse gas pollution makes it impossible to fully understand and tackle the planetary emergency.

        “When we have global conferences about cutting emissions, to omit conversations about military investment is to omit measuring our CO2 emissions,” Ocasio-Cortez (D-N.Y.) told Abby Martin, host of “The Empire Files,” in response to the journalist’s question about whether greenhouse gases (GHG) emitted by the U.S. armed forces should be included in President Joe Biden’s vow to cut carbon pollution in half from 2005 levels by the end of the decade.

      • Wealth Inequality Is Fueling the Climate Emergency
      • Opinion | The Big Lie Known as ‘Net Zero’ Will Lead Us to Climate Disaster

        Last week, at the UN climate negotiations, the International Energy Agency announced that pledges made thus far could hold warming to 1.8 or 1.9°C. Yet an investigation published on Sunday by The Washington Post found that countries’ pledges are based on faulty data. And a report released on Tuesday by Climate Action Tracker, a research group that monitors action on greenhouse gas emissions reductions, found that the targets will, at best, keep temperatures to 2.7°C (5°F). That same day, the United Nations Environmental Programme (UNEP) published its annual Emissions Gap report, which matched the Climate Action Tracker’s findings: current pledges will lead to 2.7°C.

      • 200+ Global Scientists Say Urgent and ‘Large-Scale Actions’ Mandatory to Keep 1.5°C Goal Alive

        As a global group of hundreds of scientists urged negotiators at COP26 to acknowledge the latest climate science by committing to “immediate, strong, rapid, sustained, and large-scale actions,” the head of the United Nations expressed pessimism Thursday that the talks will end with an agreement limiting warming to the key threshold of 1.5°C.

        In an interview with The Associated Press a day before the summit is scheduled to end on Friday, U.N. Secretary-General António Guterres said the goal of capping temperature rise to 1.5 by the end of the century “is still on reach but on life support.”

      • Energy

        • French Poll: Two-Thirds Believe Christians ‘Threatened with Extinction’ by Mass Muslim Migration

          According to the Roman Catholic Archbishop of Izmir, Turkey, Giuseppe Bernardini, in Europe “the ‘dominion’ has already begun.” He notes that Saudi “petro-dollars” have been used “not to create work in the poor North African or Middle Eastern countries, but to build mosques and cultural centers in Christian countries with Islamic immigration, including Rome, the center of Christianity….How can we ignore in all this a program of expansion and re-conquest?”

      • Wildlife/Nature

        • The Pitfalls of Collaboration Strike Again

          And why are they so upset? Well, because Montana’s other U.S. Senator, Steve Daines, has decided the bill isn’t going anywhere unless hundreds of thousands of already-designated Wilderness Study Areas are released to development.

          They say “the once burnt child fears the fire,” but apparently that doesn’t apply to the adults who continue to believe if they cut some kind of local deal chopping up the remaining wilderness-quality public lands among their select interests that it will remain untouched and simply magically pass into law unchanged.

    • Finance

      • Opinion | The Worst Instincts at the Very Wrong Time: Fed Chair Jerome Powell Must Go

        US President Joe Biden faces a critical decision: whom to appoint as chair of the Federal Reserve—arguably the most powerful position in the global economy.

      • Opinion | Putting Current Inflation in the Proper Perspective

        The October Consumer Price Index data has gotten the inflation hawks into a frenzy. And, there is no doubt it is bad news. The overall index was up 0.9 percent in the month, while the core index, which excludes food and energy, rose by 0.6 percent. Over the last year, they are up 6.2 percent and 4.6 percent, respectively. This eats into purchasing power, leaving people able to buy less with their paychecks or Social Security benefits.

      • Right-Wing Attacks on Native Child Welfare Law Should Frighten Us All
      • Opinion | It’s Time to Expose and Upend That Damaging Myth About Spending

        The drama over the Build Back Better Act has revealed the power of narrative in our political landscape.

      • Is the US Beyond Repair?

        The Missouri Compromise kept the balance by admitting Maine, which had been part of Massachusetts, as a free state, and limiting the spread of slavery below 36° 30´ latitude, parallel to the southern border of Missouri. Said Jefferson, “. . . this is a reprieve only, not a final sentence.” When the compromise broke down in the 1850s, and the entire west was opened to slavery by the 1854 Kansas-Nebraska Act and the Supreme Court’s 1857 Dred Scott decision, Jefferson’s worst fears were realized in a bloody Civil War.

        Today, it seems we are heading in a similar direction. Polls show broad support for secession across the political spectrum. A University of Virginia poll found support for breaking blue and red states into two separate countries at 52% among Trump voters and 41% among Biden voters. Asked if leaders from the other party are “a clear and present danger to democracy,” 80% of Biden voters and 84% of Trump voters responded yes.

      • The Rich Already Have Paid Leave. Meet Ruth Martin, One of the Activists Trying to Make It Universal
      • How Wealth Inequality Fuels the Climate Emergency: George Monbiot & Scientist Kevin Anderson on COP26

        The United States and China made a surprise announcement on Wednesday at the U.N. climate summit in Glasgow on a joint pledge to reduce methane emissions and slow deforestation. The United States is the largest historical emitter of carbon emissions, while China has been the largest emitter in recent years. As negotiations continue, we speak with British journalist George Monbiot and British climate scientist Kevin Anderson about how world leaders and even some climate scientists are downplaying the climate emergency. “Everything we’ve been hearing here and at the previous 25 summits is basically distraction,” says Monbiot, adding that global leaders could “fix” the worst impacts of the climate crisis “in no time at all if they wanted to.” Both guests highlight the role of extreme wealth in fueling the climate crisis, with Anderson noting it’s unfair to penalize nations like China, whose rising emissions correlate to the production of goods transported to wealthier countries. “Equity has to be a key part of our responses,” says Anderson.

      • Vehicle Residency: Homelessness We Struggle to Talk About

        Their voices shatter when Sara Kuust and Jake Blackburn talk about Kuust’s miscarriage while residing in a Chevy Blazer. A red-light camera flashing in the dark night, in a big box parking lot near Portland. Four tiny kittens gamboling as a winter storm approached. The worldly possessions of three humans packed in “like Tetris,” litter box perched. Electrical problems randomly triggering door locks. The pain and metallic smell hitting. Kuust losing it. Her cleaning up with a wet rag. No security, no police coming through in the wee hours of February 12. She hadn’t sought prenatal care, didn’t go to a hospital. Blackburn and their roommate cleaning with water and towels—and favorite T-shirts—until dawn.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

      • Chinese Internet Companies Are Censoring People Who Write Or Speak Tibetan Or Uyghur, Lending A Hand To China’s Cultural Genocides

        Techdirt has reported on the oppression of Tibetans by the Chinese authorities for 15 years now. More recently, the Turkic-speaking Uyghurs in Xinjiang have come in for the same treatment, with the apparent aim of breaking their spirit and imposing total obedience. But alongside the hundreds of prisons and physical repression — sometimes leading to deaths — the Chinese authorities have been making it increasingly hard for Tibetans and Uyghurs to preserve their distinctive, non-Han cultures. Now Chinese Internet companies are lending a hand to these cultural genocides, reported here by Protocol:

      • Rupert Murdoch Spreads False Claim Biden FCC Nom Wants To ‘Censor Conservatives.’ NewsMax & OAN Immediately Prove Him Wrong.

        We’d already noted how telecom and media giants are hard at work trying to scuttle the nomination of consumer advocate Gigi Sohn to the FCC. Sohn is broadly popular on both sides of the aisle in telecom and media circles, so companies like AT&T and News Corporation are working overtime to come up with talking points politicians can use to oppose her nomination. This week, that included prodding Lindsey Graham to frame Sohn (who has decades of telecom policy experience) as an unqualified radical extremist looking to censor conservatives:

      • Censorship is the Last Gasp of the Liberal Class

        On November 8, 2021, Twitter locked my account for a period of one day for responding to corporate media darling and Russiagate fanatic Keith Olbermann’s slanderous reply to journalist Wyatt Reed’s coverage of the Nicaraguan election. The flagged tweet simply restated Olbermann’s question, replacing “whore for a dictator” with “whoring for the American oligarchy.” Twitter demanded that I delete the tweet or send a time-consuming, lengthy appeal with no assurances as to if or when my sentence in “Twitter jail” would end. This prompted me to delete the tweet and wait for the 12-hour suspension to end. Keith Olbermann’s account went unscathed.

      • iOS 15.2 beta can censor nudity in Messages app

        Apple released its iOS 15.2 beta earlier this week, adding its “Communication Safety” feature to messages.

        MacRumors reported that the feature aims to protect children from sexually explicit materials sent or received through the messages app.

        The messages app will automatically blur images in which it detects nudity and warn the user of the content.

      • Experts Caution Against One Size Fits All Approach to Content Moderation

        Some experts say they are concerned about a lack of diversity in content moderation practices across the technology industry because some companies may not be well-served – and could be negatively affected – by uniform policies.

        Many say following what other influential platforms do, like banning accounts, could do more harm than good when it comes to protecting free speech on the [Internet].

      • Terror? What Terror?

        But that’s one issue. Here’s another – one that most of the Norwegian media have chosen not to mention. The knife-wielder, a native of Chechnya (which is 96% Muslim, and which was the site of one of the most horrific terrorist acts of the post-9/11 era, the Beslan school siege, in which 186 children were murdered), shouted “Allahu akbar!” several times while storming down Theresesgate.

        This detail, which according to journalist Christian Skaug was first reported in the newspaper VG and then scrubbed within hours (or less) from its website, might in another time and place have been considered by the authorities as a clue as to the man’s motives. But not in Europe in 2021.

      • Editor-in-chief of a major German daily newspaper accuses the churches of concealing or downplaying crimes against church institutions – “They shy away from the conflict with Muslim contempt for Christians and left-wing anti-Semitism”

        Poschardt complains that the Protestant Church in Germany (EKD) speaks out “unasked about the moral challenges of the world” but remains “outrageously silent” when it comes to “denouncing obvious things” that affect them. “Statues of saints are spat upon, crosses are desecrated, people urinate in holy water basins. There is little to be heard about this from the EKD’s otherwise so talk-show-suitable permanent moral announcements. Even after the outrageous event in the southern Harz region, it remained rather quiet.”

    • Civil Rights/Policing

      • Why Voters Rejected Plans to Replace the Minneapolis Police Department

        By a 56% to 44% margin, voters said “no” to a charter amendment that would have replaced the Minneapolis Police Department with a new Department of Public Safety focused on public health solutions.

        Michelle Phelps at the University of Minnesota leads a project looking at attitudes toward policing in the city. The Conversation asked her to explain what happened in the Nov. 2, 2021, vote and where it leaves both Minneapolis’ beleaguered police department and police reform movements nationwide. An edited version of her responses are below.

      • John Deere Workers Remain on Strike and Reject Two-Tier Pay

        Davenport, Iowa—In October the United Auto Workers and Iowa’s labor movement were on the march.

      • October Facts
      • Rhetoric is Not the Answer!

        The explanation that respected leaders and governments were not prepared for this is not the answer. Discrimination faced by Covid-patients on account of their economic as well as social (race, religion and so forth) background even in so-called democratic countries remains a stark indicator of helplessness faced by people when their own leaders are at a loss for what to do. It is paradoxical indeed, leaders and key power-holders supposed to be in command of all “services” have been cornered by socio-economic distress led to by impact of a virus. Perhaps, more pathetic is almost dead silence maintained by most leaders regarding discrimination displayed in medical services provided to affected people. Letting discrimination take place and/or failing to check the same seems to be a gross indicator of power-holders’ apparent apathy towards such a “crime”.

        The preceding point is probably just a mild indicator of social illness still prevalent in most countries, including the ones hailed as most progressive as well as developed, expecting rest of the world to toe their line.  What also cannot be explained is failure to take timely action against this virus in its initial phase. Importance began being given to lockdown, etc after the virus had already struck in its first phase. Ironically, though reports suggest that its third phase is soon expected, practically the whole world is applying a reverse gear to tackle this. What else is suggested by lifting of lockdowns, re-opening of national and international travel? And pray what has happened to key government heads no longer giving the same importance to holding virtual meetings? The noise made earlier about social distancing appears to have been thrown to winds. What else can one understand by Indian Prime Minister Modi trying to use his “hug-diplomacy” at the recently held summit in Glasgow? “Not all leaders wore masks. The same “diplomacy” was displayed by Modi during his meeting with Pope Francis in the Vatican.

      • Afghan women desperate to escape Taliban rule: ‘We don’t know how long we can hide’

        She fled after six years with her three young children — a newborn, 2 and 4 at the time — moving from place to place to hide from her spouse. But when the Taliban took power in Afghanistan last summer, her fears skyrocketed; now she feared not just being beaten but being killed. A woman who left her husband, she says, would be executed by the Taliban if discovered.

      • Afghanistan: Four women killed following phone call to evacuate

        Local sources told AFP that one of the women that were killed was Frozan Safi, a known women’s rights activist and university lecturer. According to the sources, the women received a phone call that they thought was an invitation to join an evacuation flight, and they were picked up by a car, only to be found dead later.

        One of the sources said that three weeks prior, they had also received a phone call from someone who was pretending to offer assistance to flee Afghanistan and seek refuge overseas. The source said that the caller knew their information and asked her to send documents and fill out a questionnaire, pretending to be an official for the office in charge of handing over information to the US.

      • Kelantan’s new syariah laws criminalises tattooing and plastic surgery

        Attempts of converting out of Islam, distortion of Islamic teachings, disrespecting the month of Ramadan, destroying houses of worship, tattooing and undergoing plastic surgery are among the offences that will be punished under Kelantan’s Syariah Criminal Code (I) Enactment 2019 which came into effect on Monday (Nov 1).

      • Malaysian State’s Latest Enforcement of Sharia Laws Makes Conversion Criminal

        The 24 offenses that will be punished include attempting to convert out of Islam, distortion of Islamic teachings, disrespecting the month of Ramadan, destroying houses of worship, disobeying parents, tattooing, and undergoing plastic surgery.

      • Antisemitism In Sermons In U.S. Mosques

        In Islam, imams serve not only as prayer and faith leaders, but as pillars of the Muslim community. They have the ability to inspire their community members and to shape their religious outlook. Thus, speeches and statements made by American imams may provide valuable insight into what they preach to the members of their communities.

        To explore the views preached by imams in the United States, I used the rich archives of the Middle East Media Research Institute (MEMRI) – which contain over 300 sermons and speeches made by imams and Islamic figures in the West – to collect a sample of statements made by Islamic scholars and imams in America. As it turns out, these imams’ statements make it evident that antisemitism – often in the form of anti-Zionism or anti-Israel sentiment – is very present in some of America’s mosques, and this might reflect a worrying reality about the presence of antisemitism in some of America’s Muslim communities.

        In this article, I shall present some of the themes I have found in statements made by American imams and Islamic scholars, and I shall give an example of each theme.[1]

    • Internet Policy/Net Neutrality

      • The Broadband Plan Will Not End the Digital Divide

        When Biden first proposed his infrastructure plan, he famously proclaimed, “Broadband internet is the new electricity.”  And he noted, “Yet, by one definition, more than 30 million Americans live in areas where there is no broadband infrastructure that provides minimally acceptable speeds.”  This is what is known as the “digital divide,” the gulf between those who have ready access to computers and online access, and those who do not.

        Unfortunately, Biden’s original proposal called for $100 billion for broadband but it was cut to $65 billion.  Equally troubling, it originally called to “prioritize support for broadband networks owned, operated by, or affiliated with local governments, non-profits, and co-operatives.” This was dropped as was his call to override laws in 18 states that block community broadband.

      • Why the Internet Is Turning Into QVC

        Yes, America’s [Internet] is turning into QVC. (People under 30: Email me for an explanation of home shopping TV.)

        This is happening for three reasons: greed, fear and China. And the growing mania for digital shopping options is another example of how our experiences online are shaped just as much by corporations’ interests as by our desires.

      • Commerce Secretary Raimondo Emphasizes Affordability, Fiber in Infrastructure Bill Press Briefing

        Raimondo, who’s press conference represented another victory lap for the administration since the passage of the measure on Friday night, gave an idea of what her department expects to see from the bill, which had already passed the Senate in August and is now on President Joe Biden‘s desk for signing: a relatively quick turnaround on broadband affordability and job creation, but a longer timeline for fiber buildouts.

    • Digital Restrictions (DRM)

      • Denuvo Games Once Again Broken For Paying Customers Thanks To DRM Mishap

        It’s been a while since we’ve mentioned Denuvo, the once-vaunted anti-piracy video game DRM that subsequently became an industry punchline. Once touted as “uncrackable”, Denuvo went from there to becoming indeed crackable, then crackable shortly after release of games, to then being crackable the same day, to then being cracked in some cases hours after a game’s release. As a result, plenty of publishers have taken to patching Denuvo out of their games, while Denuvo did a mini-pivot to create anti-cheat software for online games. While all that was going on, plenty of paying customers of games protected by Denuvo complained about various issues: authentication issues intermittently preventing the customer from playing the game they bought, performance issues that are linked back to how Denuvo runs and behaves, or Denuvo simply breaking games.

    • Monopolies

      • Patents

        • The Public Should Know Who Profits From Patent Troll Lawsuits

          Even people who get sued over patents often can’t figure out who is demanding money from them. That’s even more true when the lawsuit comes from a patent troll wielding a vague software patent, something that is all too common.

          That’s why we’re glad to see the issue of patent transparency come back to Congress, in the form of a recently introduced bill called the “Pride in Patent Ownership” Act, S. 2774, sponsored by Senators Patrick Leahy (D-VT) and Thom Tillis (R-NC). The Senate’s IP Subcommittee held a hearing on the bill last month.

          Since 2013, EFF has supported efforts to make it clear to the public who owns patents. We’re pleased to see the issue come back to Congress, because it will once more bring attention to the lack of transparency in the patent system. We support the Pride in Patent Ownership Act as a modest step towards shining some light on the opaque operations of the U.S. patent system. However, because the bill lacks a strong enforcement mechanism, it falls short of being a bill that will truly shed the sunlight that the public needs.

        • NIH Praised for Finally Showing ‘Modicum of Verve’ in Vaccine Patent Fight With Moderna

          Public health campaigners applauded the National Institutes of Health on Wednesday for standing its ground in a patent fight with Moderna, which claimed in a recent filing that U.S. government scientists did not co-invent technology at the heart of the pharmaceutical giant’s shot.

          Dr. Francis Collins, the director of the NIH, told Reuters Wednesday that contrary to Moderna’s assertion, government scientists “played a major role in the development of the vaccine” that the Massachusetts-based corporation is “now making a fair amount of money off of.”

        • Pfizer Misleading World With False Claims of Equitable Vaccine Distribution: Amnesty

          A briefing published Thursday by Amnesty International accused pharma giant Pfizer of making misleading claims about its efforts to provide Covid-19 vaccines to low-income countries, while reserving most doses of the inoculations for wealthier nations.

          “Pfizer says it is committed to supplying doses to low- and middle-income countries, but the numbers just don’t bear this out. The fact is that this company is still putting profits first.”

      • Copyrights

        • Thousands of Pirate Sites are Listed on WIPO’s Advertising Blacklist

          The pirate site blocklist maintained by the World Intellectual Property Organization (WIPO) has grown to include well over 5,000 domain names. The list is maintained by reporters from various countries and is used by various major advertising companies to prevent money from flowing to pirate sites. Full details on this blocklist remain a mystery, for now.

        • MPA/ACE Attempt to Hunt Down Pirate Site Operators via US Court

          The Motion Picture Association has filed a flurry of DMCA subpoena applications at a California court. The aim is to compel Tonic Domains and CDN provider Cloudflare to hand over all information they hold relating to dozens of pirate site operators. These include major torrent site RARBG, the popular Oha addon for the Watched app, streaming portal Primewire, and a pair of IPTV sellers

        • The Curious Case Of Billionaire Brian Sheth, An Anonymous Tweeter, Copyright Law, Twitter, And Some Company That Barely Seems To Exist

          Techdirt regular John Roddy highlighted a truly bizarre fight happening in a California court that may or may not involve billionaire Brian Sheth. Sheth was a cofounder of the high-flying Vista Equity Partners, and left it a year ago in a high profile exit, after the firm’s other cofounder, Robert Smith, entered into a non-prosecution agreement with the DOJ and agreed to pay $139 million and “abandon” $182 million in deductions, related to charges of tax fraud. In the Forbes link above, Sheth claims he sought to have Smith leave Vista following this revelation, but “Smith prevailed” and so Sheth left. Nothing in that article makes Sheth look particularly bad.


Links 11/11/2021: Homage to Ken Starks, New Sparky Linux, Go Turns 12

Posted in News Roundup at 6:15 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Ken Starks Hangs Up His Spurs at Reglue

        In 2005, I placed my first Linux-powered refurbished computer with a young middle school student. She was the daughter of a single mother with four children who could barely pay the rent. A computer for her gifted child was out of the question. The young student was Haley Ann Peters and she is now a geologist.

        With that, I began a 20 year journey; placing computers into the homes of kids who couldn’t afford to purchase them. In the beginning it was The HeliOS Project, and just getting donations of equipment was a challenge to say the least. But by 2012 we had morphed into our own nonprofit with our own facility, and a pool of over 100 volunteers who made Reglue.org the success it became. Since then, Reglue.org has placed 2,237 computers into financially-disadvantaged homes of students, ranging from middle school kids to graduate students.

        I don’t want to rehash our history. Searching my name and Reglue or Helios Project will give you a full night’s reading if you wish to do so.

        I’ve been blessed to do the work I do. I’ve given two keynote addresses for LinuxFest, created a number of community computer facilities, and held classes to assist senior citizens on the finer points of using a computer. That’s not to mention personally supplying support for all the computers we’ve placed. But if I had to name one accomplishment that gave me the most satisfaction, it would be creating the Bruno Knaapen Technology Learning Center. Bruno Knaapen was an open source and Linux advocate who worked tirelessly to help people understand computer technology, and he did so free of charge. We lost Bruno to brain cancer in 2009.

    • Audiocasts/Shows

    • Kernel Space

      • Celebrating 30 years of Linux – is 2021 finally the year of the Linux desktop? [Ed: We’re not sure why some people write about it now (3 months late)]

        These two cause the most visible differences, but they are just the tip of the iceberg. Just think about Linux distributions. What are distributions: a Linux kernel and some applications integrated around it. Often even the same window manager looks different and behaves in a different way on another distribution. What is more: there can be major changes when you upgrade to the next version of the same distribution.

        Most of the Linux distributions have a one year life span and then the users are advised to upgrade. If they keep using it, they are left without security updates and bug fixes. There are distributions with longer life times, but then comes another problem: they might be difficult or impossible to install on a new computer. I had to switch from openSUSE to Fedora temporarily for a few months when I got my last two laptops. These large changes on the desktop can be avoided when someone uses a rolling distribution. They are constantly updated, which means that there are no jumps, but there are small changes all the time.

        Comparing it to Windows: you can have the same look and feel for a decade. And except for Windows 8, the main concept of the Windows desktop is the same from Windows 95 until today.

        Most users do not like choices, and changes even less. With Linux distributions and various window managers they receive an endless amount of choices and changes. I love it from day one, just as many developers. But do we wonder that Linux is running only about two percent of desktops?

      • Extent-tree-v2: Global Roots and Block Group Root

        I’m working on a large set of on-disk format changes to address some of the more painful parts of Btrfs’s design. There’s a lot of discrete changes here, but they’ll all go under the single umbrella of “extent-tree-v2.” We’ve spent a few months going back and forth on different approaches, and have finally settled on a final set of changes. The global roots and block group root patches have been completed and submitted, but there’s a lot more change coming.

      • On-Disk Format Changes Ahead To Improve “Painful” Parts Of Btrfs Design – Phoronix

        Prominent Btrfs file-system developer Josef Bacik is working through a big set of patches that will result in on-disk format changes to Btrfs but address some of “the more painful parts” to the file-system’s design.

        Over the next year Josef is looking to land these changes to address locking contention on global roots and the issue of block group items being spread throughout the extent tree.

        He is developing this work under the “extent-tree-v2″ label and to date is around 80 patches but is just getting started. He’s hoping in the next 6~12 months it will be something users can start migrating to in order to take advantage of these Btrfs design improvements.

      • F2FS With Linux 5.16 Will Let You Intentionally Fragment The Disk – Phoronix

        Jaegeuk Kim submitted the Flash-Friendly File-System (F2FS) updates on Wednesday for the nearly over Linux 5.16 merge window.

        The F2FS changes this cycle aren’t particularly large but include a few enhancements and a number of bug fixes along with some code cleaning. One interesting new addition is adding a mount option to intentionally fragment the on-disk layout of F2FS file-systems.

        F2FS’ “mode=” mount option has added new options to simulate file-system fragmentation after garbage collection. The “fragment:segment” option will create a new segment in a random position while “fragment:block” will scatter block allocation. New sysfs nodes are added for further tuning the behavior of the “mode=fragment:block” option. Details in this commit.

    • Applications

      • 26 Best Free Open-source Calendar Apps for Windows, Linux, and macOS

        Calendar is an app that is used on daily basis, it is a significant tool for organization, planning, daily routine tasks, appointments management, and personal improvements.

        As an example, Google Calendar is a scheduling calendar service by Google. It aids users in creating events, tasks, schedule and managing appointments, and keeping everything in sync and stored on the cloud. It also allows users to share events, attach locations, and more.

        The primary problem is: it requires an internet connection.

        In this article, we provide you with a collection of desktop calendar apps, that will help you to organize your events, deal with calendar files and keep track of your tasks and daily routines.

      • gmipay v1.2 released, with subscription support

        Good time of day, fellow spacemen.

        Version 1.2 of gmipay has been released.

        gmipay is a Gemini payment processing proxy CGI script. It allows you to sell your content (or buy others’) and have it served transparently and with no friction.

    • Instructionals/Technical

      • How to run different PHP versions on the same server – Unixcop the Unix / Linux the admins deams

        Sometimes a SysAdmin receives strange requests. For example: a couple of days ago my client need to upload a new site, this new site needs PHP7.4 while their server run with PHP7.2. I’ve installed then 7.4 but all the other VirtualHosts (at least the important ones) broke under php7.4. Initially I was thinking on some kind of containers but I’ve found something simpler. This is how to run different PHP versions on the same server.

      • How to easily transfer files between computers with croc – TechRepublic

        Usually, when I want to transfer files between computers on the same network, I’ll use the scp command. But sometimes I want something a bit simpler to use. When those instances arise, I turn to a very handy command-line tool called croc. With this easy-to-use tool, you can transfer files and folders from one system to another, without having to remember much in the way of commands.

      • How to install Rabbitmq in Rocky Linux/Centos 8

        In this guide we will explore how to install the latest release of RabbitMQ in Rocky Linux 8 server or Workstation. This will also work for RHEL 8 derivatives like Oracle linux, Alma linux and Centos 8.

        RabbitMQ is an open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). RabbitMQ works by receiving messages from publishers (applications that publish them) and routes them to consumers (applications that process them).

      • How to install and Use Lynis on Fedora 35 – NextGenTips

        In this guide we are going to learn how to install and use Lynis on Fedora 35.

        Lynis is an open-source, battle-tested security tool for systems running Linux, MacOS and Unix-based operating system. It performs an extensive health scan of your system in order to support hardening and compliance testing.

        Lynis gives complete information about the current operating system, current operating system version, hardware running on the Linux machine, firmware information etc.

      • How to install Podman on Rocky Linux 8 / AlmaLinux to run Containers

        Podman is promoted as an alternative to Docker that advertises as a tool compatible with Docker Images. Also, it offers a command line that is identical to Docker and is intended to simplify the migration from Docker to Podman for both users and programs. Under the hood, however, the two container tools are very different. Podman is a daemon-less tool instead its uses runC container runtime process where Docker uses a daemon to manage all resources.

        Developed by Redhat this container tool was originally planned as a debugging tool for the CRI-O container engine, which is specialized in Kubernetes, in order to simplify certain tasks for application developers and administrators of Kubernetes clusters. Since then, however, Podman has grown into a comprehensive tool for container management. Developers can easily install it from major software sources in Linux distributions such as Fedora, Arch Linux, and openSUSE Tumbleweed.

      • How to Install and Set Up Telegram on Linux

        Telegram is a popular instant messaging platform that lets you send messages, make VoIP calls, and share files, both on mobile devices and on your desktop.

        If you frequently use Telegram for all of your communications—and only have it on your phone—you might want to install it on your desktop, too, to respond to calls and messages while you’re at your desk.

        In case you’re running Linux, though, installing Telegram can be a little complicated—just like installing other software. So to simplify things, here’s a guide to help you install Telegram on your Linux machine.

      • How to Install HAProxy on Debian 11

        HAProxy is a free, open-source, and reliable solution for high availability and load balancing. It distributes the load across the multiple application servers and to simplify the request processing tasks. It can be installed on all major Linux operating systems. It is popular due to its efficiency, reliability, and low memory and CPU footprint.

        In this post, we will explain how to install HAProxy on a Debian 11 system.

      • How to Create a Self-Signed Certificate in Linux

        Creating a self-signed SSL certificate in Linux is quite easy and can be done in just a few clicks. You can use a self-signed certificate to secure the connection between your web server and a visitor’s browser. Linux makes it really easy for you to generate a certificate and sign it using a private key.

        Here’s how you can create your own SSL certificates right from your Linux terminal.

      • How To Install and Enable EPEL Repository on Rocky Linux/Centos 8

        In this guide, we will learn how to install and enable EPEL repository on Rocky Linux/Centos 8. This guide will also work for RHEL 8 and its derivatives like Alma Linux, Oracle Linux, Scientific Linux, etc.

        EPEL is a repository that provides extra packages for Enterprise Linux. The EPEL repository is an additional package repository that provides easy access to install packages for commonly used software. This repo was created because Fedora contributors wanted to use Fedora packages they maintain on RHEL and other compatible distributions. The EPEL group creates, maintains and manages a high-quality set of additional packages. These packages may be software not included in the core repository, or sometimes updates which haven’t been provided yet.

      • How To Install Blender on Ubuntu 20.04 LTS – idroot

        In this tutorial, we will show you how to install Blender on Ubuntu 20.04 LTS. For those of you who didn’t know, Blender 3D is a professional open-source 3D graphics and animation software. It has a rich feature set like animations, visual effects, 3D modeling, and motion graphics. This provides outstanding outcomes and is used in professional filmmaking.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Blender 3D Creation Software on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • Convert PNG Images to WebP on Linux (With Commands) – Linux Nightly

        The WebP image format is great at compressing photos to incredibly small file sizes. This makes it an ideal format for images on websites, just as its name would imply. Outside of web hosting, the PNG image format is much more popular and better suited to archiving.

        In this tutorial, you’ll see how to convert WebP images to PNG with Linux commands. You’ll also see how to convert images into WebP, in case you plan to upload photos somewhere and want the smaller file size for your web visitors.

      • Install Security Patches or Updates Automatically on Rocky or AlmaLinux 8

        Keeping your operating systems up to date with the latest software and security patches is one of the easiest methods to improve security. As a result, deploying updates regularly is a vital aspect of keeping systems secure. However, many users don’t know about the updates, and their system gets old as compared to the latest security patches. So in this blog, we will explain the method to install security patches or updates automatically on Rocky or AlmaLinux.

      • How to install and use Podman in Rocky Linux/Centos 8 – Citizix

        Podman is a container engine that’s compatible with the OCI Containers specification. It is part of RedHat Linux, but can also be installed on other distributions. As it’s OCI-compliant, Podman can be used as a drop-in replacement for the better-known Docker runtime. Most Docker commands can be directly translated to Podman commands. Podman implements almost all the Docker CLI commands (apart from the ones related to Docker Swarm).

        Podman complements Buildah and Skopeo by offering an experience similar to the Docker command line: allowing users to run standalone (non-orchestrated) containers. And Podman doesn’t require a daemon to run containers and pods, so we can easily say goodbye to big fat daemons. There are no daemons in the background doing stuff, and this means that Podman can be integrated into system services through systemd.

      • How to package open source applications as RPMs | Enable Sysadmin

        Recently, I wrote about packaging your own software with Red Hat Package Manager (RPM). Another common scenario is that you find a piece of software you want to use, but there is no RPM for it. This article shows you how to create RPMs for third-party applications.

      • Installing openSUSE Tumbleweed on the Enclustra Mars MA3 – KaratekHD Blog

        As part of my school internship at TEM Messtechnik I got the oppertunity to work on the Enclustra Mars MA3, a FPGA SoC with two ARMv7 cores. This post describes the process of getting Linux (more precisely, openSUSE Tumbleweed) to work on this SoC.

      • The Perfect Server – CentOS 8 with Apache, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.2

        This tutorial shows the installation of ISPConfig 3.2 on a CentOS 8 (64Bit) server. ISPConfig is a web hosting control panel that allows you to configure the following services through a web browser: Apache web server, PHP, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more.

      • How To Install Debian 11 Bullseye – OSTechNix

        Debian 11, codenamed bullseye, is the latest long-term support release (LTS) that is released after a development period of over two years. Debian 11 comes with the kernel version 5.10 LTS. Over 70% of the packages in Debian repositories are updated to newer versions compared to its previous version buster. To know more about the Debian 11 features you can take a look at the release notes. This step by step guide walks you through the steps to download the latest Debian edition, and create Debian 11 bootable medium and finally how to install Debian 11 bullseye with screenshots.

      • Three different ways to duplicate installed packages in multiple machines in Linux – blackMORE Ops

        So you’ve installed your Linux server and installed all packages you need. Now you’re about to setup another server with similar packages. One thing you can do is to save the install commands from the first one and the run it on the second machine. How about when you’ve done it over few weeks time and forgot some details but need to have another server up and running quickly.

    • Games

      • Godot Engine – Godot Engine receives $100,000 donation from OP Games

        We are happy to announce that the gaming platform OP Games is donating USD 100,000 to the Godot project. These funds will be used to further the general development of the engine.

        As mentioned in their announcement, OP Games is also similarly supporting the open source game development tools Blender and Phaser, and the source available Defold engine.
        OP Games is also actively looking for game developers interested in their platform, see this contact form for details.

      • OPGames donates $300k to open source including Godot Engine and Blender | GamingOnLinux

        OPGames, a company that (as they describe) helps “turn games into investable assets through NFTs” has donated a bunch of monies to a few great open source projects.

        In their announcement they mentioned $300k has gone to Phaser, Defold, Godot, and Blender. In the announcement OPGames CTO and co-founder Paul Gadi said “We are truly honored to be able to support open-source with the funds raised by our Arcadians community! Open-source game engines are the perfect example of a public good: they are free for anyone to use and safeguards developers from platform lock-in. We hope that this donation will inspire others to support more open-source projects, as they will be foundational in how we break free from the attention economy”.

      • The Game Of Life Moves Pretty Fast, If You Don’t Use Stop Motion You Might Miss It | Hackaday

        Munged Ferris Bueller quotes aside, Conway’s Game of Life is the classic cellular automata that we all reach for. The usual approach is to just iterate over every cell in the grid, computing the next state into a new grid buffer. [K155LA3] set out to turn that on its head by implementing Game Of Life in the hardware of an FPGA.

        [K155LA3]’s version uses Chisel, a new HDL from the Berkley and RISCV communities. Under the hood, Chisel is Scala with some custom libraries that know how to map Scala concepts onto hardware. In broad strokes, Verilog and VHDL are focused on expressing hardware and then added abstraction on top of that over the year. Chisel and other newer HDL languages focus on expressing high-level general-purpose elements that get mapped onto hardware. FPGAs already map complex circuits and hardware onto LUTs and other slices, so what’s another layer of abstraction?

      • The Raw Data of the Q2 2021 Linux Gamers Survey – Boiling Steam

        While there are still a few articles coming up, today we are releasing the raw data for everyone to explore and use. Note that this is not the full dataset, but this represents most of it. 94% of respondents actually agreed to have their data shared.

      • Total War: WARHAMMER III gets more new footage | GamingOnLinux

        Now that we know when Total War: WARHAMMER III will release, Creative Assembly has been putting out some more info about it and there’s some fresh gameplay videos too. It’s still a little while away for release on February 17, with Linux as close as possible to that from Feral Interactibe.

      • Escape Simulator sees over 600 rooms made by players | GamingOnLinux

        Pine Studio has seen quite a success with player interaction with their new game Escape Simulator, with 500 player created rooms in just over two weeks after release and right now it has well over 600.

        The game’s team lead, Tomislav Podhraški said: “We couldn’t believe what the community was creating with our game. Discovering ingenious ways to outsmart the system and break game physics, simulating iconic pop-culture scenes, and inventing tonnes of narrative surprises. We were completely blown away.”

      • Europa Universalis IV: Origins is out along with a big free update | GamingOnLinux

        Europa Universalis IV: Origins is a new “Immersion Pack” available now as a paid DLC for Paradox’s popular historical strategy game and the 1.32 Songhai free update is also live.

        From the trading ports on the eastern coast to the gold mines of Mali, early modern Africa was a continent of rich kingdoms and cultural variety. Now, Europa Universalis IV: Origins brings this history to vivid life with new missions, events and regional flavour.

      • The Khronos Group officially announces the Dynamic Rendering extension for Vulkan

        Recently with the Vulkan 1.2.197 specification update, a new extension popped up that has plenty of developers happy with Dynamic Rendering and now The Khronos Group has formally announced it with a more detailed explanation. This is of course aimed at developers, not most of us normal consumers but we still thought it interesting to highlight to bring more attention to it.

        The Vulkan API is vitally important for Linux gaming, since it can provide much greater performance than OpenGL. It’s used in the DXVK and VKD3D-Proton projects, which translate Direct 3D to Vulkan for use with Steam Play Proton, and it’s the reason we see the performance level with it that we do when running Windows games.

      • Epic Chef: A Cooking Quest of Epic Proportions – Boiling Steam

        Do you enjoy cooking? It’s practically in my family blood. In Epic Chef — developed by Infinigon Games and published by Team17 — you’re playing a game and basically doing the same thing, except it’s a lot less realistic.

        The game starts with Zest, the main protagonist of the game and the character that you use, who gets thrown overboard from a ship and into the land of Concordia. Apparently Zest was trying to do the pirates of the ship a favor, but they seemed to take it the wrong way and forcefully eject him out of their ship.

        Zest has no money, but after talking to some of the people in the town and getting the necessary documents, he is eventually given some land, and a haunted house (the Villa grounds). Well, semi-haunted anyway. That’s why the mortgage is free. The people of Concordia, particularly Private Speck, the guardkeeper of the house, try to convice Zest not to reside there, but Zest has no other options.

    • Distributions

      • Top 5 Best Linux Distros for Beginners That Make You Love Linux

        Linux has always been helpful and dedicated to maintaining servers, systems, local machines, and old systems. If you’re a newbie to Linux, there is a chance that you might get confused about which distribution, which desktop environment you should choose for your system. Well, you can always try out distributions and choose the right one for you. But that process would be a bit time-consuming and tough to find the best Linux distro for beginners.

        Finding the best Linux distro for beginners would really help and save time for getting started with Linux. There were times when only people with programming and system admins used to use Linux, but now it has changed. Linux welcomes all types of users, from students to developers and professionals to beginners.

      • 10 Best Linux Distros for Privacy and Security for 2022

        It is always a concern of users to surf the internet in privacy. However, surfing on the usual operating systems can’t provide the security you want. There’s no need to worry, Linux is among the most private operating systems available. So in this blog, we will list the best Linux Distros for Privacy.

        The below list is completely based on the user reviews, features, security, privacy, and accessibility of these Linux distros.

      • SUSE/OpenSUSE

        • KDE Gear, GNOME Update in Tumbleweed

          Tumbleweed pulled back from the frequency of snapshots released last week, but still had a good amount of releases this week.

          After continuous daily releases from Oct. 27 to Nov. 2, openSUSE Tumbleweed put together another three consecutive snapshots.

          Just four packages arrived in snapshot 20211105 snapshot. The first of the 41.1 GNOME packages arrived in the snapshot. gnome-chess and gnome-remote-desktop. The latter had some adjustments for frame PipeWire data. There was some clean up with the network configuration package wicked in the 0.6.67 version along with changes in the dbus configuration. The aws-cli 1.21.6 package had multiple API changes and relaxed a version dependency for python-docutils.

      • IBM/Red Hat/Fedora

        • Best practices for building images that pass Red Hat Container Certification

          Building unique images for various container orchestrators can be a maintenance and testing headache. A better idea is to build a single image that takes full advantage of the vendor support and security built into Red Hat OpenShift, and that also runs well in Kubernetes.

          A universal application image (UAI) is an image that uses Red Hat Universal Base Image (UBI) from Red Hat Enterprise Linux as its foundation. The UAI also includes the application being deployed, adds extra elements that make it more secure and scalable in Kubernetes and OpenShift, and can pass Red Hat Container Certification.

          This article introduces you to nine best practices you should incorporate into your Dockerfile when building a UAI. Each section in this article explains a practice, shows you how to implement the practice, and includes Red Hat certification requirements related to the topic.

        • What is AI/ML and why does it matter to your business?

          AI/ML—short for artificial intelligence (AI) and machine learning (ML)—represents an important evolution in computer science and data processing that is quickly transforming a vast array of industries.

          As businesses and other organizations undergo digital transformation, they’re faced with a growing tsunami of data that is at once incredibly valuable and increasingly burdensome to collect, process and analyze. New tools and methodologies are needed to manage the vast quantity of data being collected, to mine it for insights and to act on those insights when they’re discovered.

        • High performance computing 101

          The data is in—massive amounts of it, and high computing power can help enterprises make some sense out of it. For a technology that has gone through ebbs and flows in popularity, high performance computing (HPC) may be expanding to use cases beyond those found in scientific research as more industries can tap into valuable insights gained from artificial intelligence, machine learning, and other emerging technologies.

          So, what does this mean to your organization? If you’re increasingly facing the need to translate large amounts of consumer data to track trends or calculate thousands of financial transactions a day to support business growth, is HPC something you should be considering?

        • Top 5 resources to learn about the IBM and Cloudera partnership

          Six months, four blogs, three videos, two conference presentations, and one amazing partnership — that is how I would describe the IBM and Cloudera partnership so far. This blog post highlights some of the best developer-focused resources to help you leverage your data to build AI-enabled applications.

          Earlier this year, IBM and Cloudera announced that they would partner together to create a new joint offering: Cloudera Data Platform for IBM Cloud Pak for Data, bringing together two leading data platforms. The benefits of using boths platforms are outlined in the various product pages and focused on security, scalability, and, of course, combining the best technologies for data and AI.

          Soon after, a few of us on the IBM Developer and Hybrid Cloud Build Team were tasked with testing the products, building PoCs for customers, and creating assets to be consumed by external audiences.

          Below are our top five resources for learning about the IBM and Cloudera partnership. Before we get into it, I would like to give a shout-out to the folks that made it possible: Tim Robinson, Brett Coffmann, Dave Fowler, Marc Chisinevski, and Erik Beebe. Let’s get started!

        • CentOS project moves to development using GitLab

          The CentOS Project announced the launch of a collaborative development service based on the GitLab platform. The decision to use GitLab as the primary hosting platform for CentOS and Fedora projects was made last year. It is noteworthy that the infrastructure was raised not on its own servers, but on the basis of the gitlab.com service, in which the gitlab.com/CentOS section is provided for projects related to CentOS.

          At the moment, work is underway to integrate the section with the user base of the CentOS project, which will allow developers to connect to the Gitlab service using existing accounts. Separately, it is noted that git.centos.org based on the Pagure platform will continue to be considered as a place to host the source code of packages ported from RHEL, as well as as the basis for the formation of the CentOS Stream 8 branch. But the CentOS Stream 9 branch is already developing on the basis of a new repository in GitLab and is distinguished by the ability to connect to the development of contributors from the community. Other projects hosted on git.centos.org remain in place for now and are not forced to migrate.

        • Simplify Kafka authentication with Node.js

          Apache Kafka is a publish-subscribe messaging system that is commonly used to build loosely coupled applications. These types of applications are often referred to as reactive applications.

          Our team maintains a reactive example that shows the use of Kafka in a simple application. If you’ve looked at these types of applications, you know that although the components are decoupled, they need access to a shared Kafka instance. Access to this shared instance must be protected. This means that each component needs a set of security credentials that it can use to connect to the Kafka instance.

          As a Node.js developer, how can you safely share and use those credentials without a lot of work? Read on to find out.

          Note: You can learn more about using Node.js in reactive applications in the article Building reactive systems with Node.js.

        • Contribute at the Fedora Linux 36 Test Week for Kernel 5.15

          The kernel team is working on final integration for kernel 5.15. This version was just recently released, and will arrive soon in Fedora. As a result, the Fedora kernel and QA teams have organized a test week from Sunday, November 14, 2021 through Sunday, November 21, 2021. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.

        • Fedora Silverlight: not only for your grandma

          I have migrated my grandparents to Fedora Silverlight, previously they used CentOS. I was impressed how everything worked well and I like where Fedora is going overall. Less pre-installed software, I am hoping for more packages to be dropped – Evolution backend, on-line accounts, Maps and others. Overall, it works great.

      • Debian Family

        • Sparky 6.1

          There is a next point release of Sparky 6 – 6.1 “Po Tolo” of the stable line ready to go. Sparky 6 is based on and fully compatible with Debian 11 “Bullseye”.

          – system upgraded from Debian & Sparky stable repos as of November 9, 2021
          – Linux kernel 5.10.70 (PC)
          – Linux kernel 5.10.63-v7+ (ARMHF)
          – Firefox 78.14.0esr
          – Thunderbird 78.14.0
          – VLC 3.0.16
          – LibreOffice 7.0.4
          – LXQt 0.16.0
          – Xfce 4.16
          – Openbox 3.6.1-9
          – KDE Plasma 5.20.5
          – small improvements

        • SparkyLinux 6.1 Released with Updated Packages and Improvements

          The SparkyLinux team has announced the release of SparkyLinux 6.1, latest stable update in project’s 6.x series.

          SparkyLinux is a desktop-oriented Linux distro created on the top of the Debian operating system. It is lightweight, fast, and simple Linux distro, suitable to run on old computers without any problems. It’s aims to be easy on system resources and can breathe new life into aging computers.

          SparkyLinux includes a full-fledged operating system with LXQt, Xfce, and KDE desktop environments and minimal images for MinimalGUI and MinimalCLI which enables to install the system with a minimal set of applications, and then choose your own applications via Sparky Advanced Installer.
          Today the SparkyLinux development team announced the release of SparkyLinux 6.1 rolling operating system. So let’s see what’s new.

      • Canonical/Ubuntu Family

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Google removes restrictions on students only from Summer of Code

        Google has announced the annual Google Summer of Code 2022 (GSoC) event aimed at encouraging newbies to work on open source projects. The event is being held for the seventeenth time, but it differs from previous programs in the removal of restrictions on the participation of only undergraduate and graduate students. From now on, any adult who has turned 18 years old can become a GSoC participant, but with the condition that he has not previously made a significant contribution to the development of projects outside the GSoC event and has not participated in the GSoC more than two times. It is understood that the event will now be able to help beginners who want to change their field of activity or are engaged in self-education.

      • Family Management does it need an app? If yes, Try Mea-Familia

        The software package is released under an unusual license: EUPL-1.2 or European Union Public License version 1.2.

      • Events

        • The Linux Foundation Announces Keynote Speakers for Open Source Summit Japan + Automotive Linux Summit 2021 [Ed: Linux Foundation has given Microsoft (Audrey Lee) a greenwashing keynote in an event about “Linux”; they keep doing it… Zemlin et al are monetising the devaluation by misuse of the valuable Linux brand — a brand that some companies would pay a lot of money to hijack and destroy]

          The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit Japan + Automotive Linux Summit 2021, taking place virtually December 14-15. One registration pass includes access to both events. The keynote speakers can be viewed here and the full schedule can be viewed here.

      • Web Browsers

        • Spying Browsers

          • Windows 11 blocks Edge browser competitors from opening links

            Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds.) The build changelog makes a few mentions of changes to the protocol and file associations/default apps system. However, it omitted the headline news: You can no longer bypass Microsoft Edge using apps like EdgeDeflector.


            Before discussing the changes in the latest Windows builds, I’d like to refresh your memory on Microsoft’s earlier escapades with antitrust regulators. I’m not a lawyer, but some case law is common knowledge in the tech field. I’m, of course, thinking of United States versus Microsoft (2001) and Microsoft versus European Commission (2009). In both cases, regulators found that Microsoft was abusing its market-leading operating system to unfairly promote its Internet Explorer (now called Edge) browser; disadvantaging competing web browsers.

            While the US decided not to take action against Microsoft on this point, the EU didn’t hold back. Microsoft agreed to hide shortcuts to Internet Explorer and show customers in the EU the infamous browser ballot screen. The dialog listed Internet Explorer among competitors and asked them to choose what browser they wanted to one-click install.

          • Firefox’s Private Browsing mode upleveled for you

            There are plenty of reasons why you might want to keep something you are doing on the web to yourself. You might be looking for a ring for your soon-to-be fiance, looking up what those mysterious skin rashes could be, or reading a salacious celebrity gossip blog. That’s where Private Browsing mode comes in handy. This year, we upleveled and added new advanced features to our Private Browsing mode. Before we share more about these new features we wanted to share some of the misconceptions about Private Browsing.

            One of the top common myths about Private Browsing (in any major web browser) is that it makes you anonymous on the Internet. The Private Browsing mode on Chrome, Safari, Edge and Firefox are primarily designed to keep your activity private from other users on the same computer, but websites and Internet service providers can still gather information about your visit, even if you are not signed in. To learn more about other Common Myths, visit our site. You should know though, that Firefox offers something that other browsers don’t, which is advanced privacy protections. Read on to learn more about our unique tracking protections.

          • Mozilla submits comments to the California Privacy Protection Agency – Open Policy & Advocacy

            This week, Mozilla submitted comments in response to the California Privacy Protection Agency’s Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act (CPRA).

            Mozilla has long been a supporter of data privacy laws that empower people, including the trailblazing California privacy laws, California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We welcome the opportunity to offer feedback as California considers how to best evolve its privacy protections, and we support the progress made thus far, particularly as federal efforts languish — but there’s more to do.

      • SaaS/Back End/Databases

        • PostgreSQL 14.1, 13.5, 12.9, 11.14, 10.19, and 9.6.24 Released!

          The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 14.1, 13.5, 12.9, 11.14, 10.19, and 9.6.24. This release closes two security vulnerabilities and fixes over 40 bugs reported over the last three months.

          Additionally, this is the final release of PostgreSQL 9.6. If you are running PostgreSQL 9.6 in a production environment, we suggest that you make plans to upgrade.

      • Education

        • ITFlow: an Open-source system for MSPs and IT departments

          ITFlow is a software package to help manage IT departments, IT service companies, computer shops, computer maintenance shops, and MSPs (Managed Service Providers).

          It is the open-source self-hosted equivalent and alternative to the popular IT management system “ITGlue”.

          ITFlow is a web-based self-hosted IT-asset management system that users can download, install and configure on a local or a remote system.

      • Programming/Development

        • How Learning Linux Will Improve Your Software Testing

          One of the skills mentioned in the tester profile is the knowledge of Linux commands. It is important since being an open-source OS, Linux offers more possibilities for both developers and testers in terms of immersing deep into the development environment and being restricted close to nothing, due to its plethora of tools and perspectives to learn.

          When having a solid command of Linux commands ( no pun intended) one might engage in performing backend testing ( e.g. fetching and verifying logs), getting involved with real-time projects, testing in Domains like Telecom, Big Data.

        • Twelve Years of Go

          Today we celebrate the twelfth birthday of the Go open source release. We have had an eventful year and have a lot to look forward to next year.

          The most visible change here on the blog is our new home on go.dev, part of consolidating all our Go web sites into a single, coherent site. Another part of that consolidation was replacing godoc.org with pkg.go.dev.

          In February, the Go 1.16 release added macOS ARM64 support, added a file system interface and embedded files, and enabled modules by default, along with the usual assortment of improvements and optimizations.

          In August, the Go 1.17 release added Windows ARM64 support, made TLS cipher suite decisions easier and more secure, introduced pruned module graphs to make modules even more efficient in large projects, and added new, more readable build constraint syntax. Under the hood, Go 1.17 also switched to a register-based calling convention for Go functions on x86-64, improving performance in CPU-bound applications by 5–15%.

          Over the course of the year, we published many new tutorials, a guide to databases in Go, a guide to developing modules, and a Go modules reference. One highlight is the new tutorial “Developing a RESTful API with Go and Gin”, which is also available in interactive form using Google Cloud Shell.

          We’ve been busy on the IDE side, enabling gopls by default in VS Code Go and delivering countless improvements to both gopls and VS Code Go, including a powerful debugging experience powered by Delve.

        • Twelve Years of Go (The Go blog)

          On November 10, the Go programming language community celebrated the 12th anniversary of its release as open-source software.

        • Arm Cortex-A710 Support Merged Into GCC 12 Compiler – Phoronix

          Announced back in May was the Cortex-A710 as the first-generation Armv9 “big” core and successor to the Cortex-A78. The initial Cortex-A710 support is now present in the GCC 12 code compiler.

          Last month Armv9 and Cortex-A710 support began landing in the GNU Toolchain, first up with Binutils. This week the GNU Compiler Collection then introduced the -march=armv9-a targeting support and now the Cortex-A710 support has been merged.

        • Live Debugging Techniques for the Linux Kernel, Part 3 of 3
        • Qt Creator 6 RC released

          We are happy to announce the release of Qt Creator 6 RC!

        • ClusterFuzzLite: Continuous fuzzing for all

          In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. NIST’s guidelines for software verification, recently released in response to the White House Executive Order on Improving the Nation’s Cybersecurity, specify fuzzing among the minimum standard requirements for code verification.

          Today, we are excited to announce ClusterFuzzLite, a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed, enhancing the overall security of the software supply chain.

        • Google Rolls Out ClusterFuzzLite For Easy-To-Use, Continuous Fuzzing – Phoronix

          As part of Google’s effort around fuzzing for improving open-source security, the company today announced ClusterFuzzLite as their new, easy-to-use solution for fuzzing open and closed-source projects with ease as part of the CI/CD process.

  • Leftovers

    • Hardware

      • Scientific Honesty And Quantum Computing’s Latest Theoretical Hurdle | Hackaday

        uantum computers are really in their infancy. If you created a few logic gates with tubes back in the 1930s, it would be difficult to predict all the ways we would use computers today. However, you could probably guess where at least some of the problems would lie in the future. One of the things we are pretty sure will limit quantum computer development is error correction.

        As far as we know, every quantum qubit we’ve come up with so far is very fragile and prone to random errors. That’s why every practical design today incorporates some sort of QEC — quantum error correction. Of course, error correction isn’t news. We use it all the time on unreliable storage media or communication channels and high-reliability memory. The problem is, you can’t directly clone a qubit (a quantum bit), so it is hard to use traditional error correction techniques with qubits.

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

        • Security

          • Hijacking smart luggage

            When is a vulnerability not a vulnerability? I’m not sure this counts as a vuln per-se, but some easily-fixed and simple manufacturer mistakes result in trivial hijack of…. yes… your smart luggage.

            The Airwheel SR5 is the first smart luggage that we’ve seen. It can automatically follow the owner through an airport, avoiding obstacles along the way.


            The owner wears a watch-style BLE device that the luggage will ‘home in’ on. As the wearer walks off, the luggage pays attention and follows.

            The luggage has four ultrasonic sensors for obstacle avoidance. In practice, we found the luggage would often take random turns in to walls and crash. This may be a result of RF signal interference or reflections. Hard to say without spending a lot of time on it. It also got ‘lost’ quite a bit, meaning the owner had to return to the luggage to get it to start following again.

            Anyway, there is no security for the pairing process for the luggage to the wristband. No particular issue there, as it’s highly unlikely someone else would be trying to pair their luggage at the same time as you in the same location.

          • Securing your digital life, part one: The basics | Ars Technica

            I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better defend against them. It’s not entirely different from my days at Ars Technica, but it has given me a greater appreciation for just how hard it is for normal folks to stay “safe” digitally.

            Even those who consider themselves well educated about cyber crime and security threats—and who do everything they’ve been taught to do—can (and do!) still end up as victims. The truth is that, with enough time, resources, and skill, everything can be hacked.

            The key to protecting your digital life is to make it as expensive and impractical as possible for someone bent on mischief to steal the things most important to your safety, financial security, and privacy. If attackers find it too difficult or expensive to get your stuff, there’s a good chance they’ll simply move on to an easier target. For that reason, it’s important to assess the ways that vital information can be stolen or leaked—and understand the limits to protecting that information.

          • Security updates for Thursday

            Security updates have been issued by Debian (icinga2, libxstream-java, ruby-kaminari, and salt), Fedora (awscli, cacti, cacti-spine, python-boto3, python-botocore, radeontop, and rust), Mageia (firefox, libesmtp, libzapojit, sssd, and thunderbird), openSUSE (samba and samba and ldb), SUSE (firefox, pcre, qemu, samba, and samba and ldb), and Ubuntu (firejail, linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-oem-5.10, linux-oem-5.14, and python-py).

          • BIOS Updates Begin Appearing For New Intel Privilege Escalation Vulnerabilities – Phoronix

            OEMs have begun releasing updated BIOS/firmware revisions to address new security vulnerabilities disclosed this week by Intel. Most pressing are potential security vulnerabilities within the BIOS reference code used by various Intel CPUs that could lead to privilege escalation by local users and ranked a “high” impact severity.

            INTEL-SA-00562 was made public on Tuesday around security vulnerabilities in the BIOS reference code for processors ranging from 3rd Gen Xeon Scalable to 11th Gen Core to Celeron and Pentium processors… Rather broad exposure across Intel CPU product lines for recent generations and going back to at least the likes of the 7th Gen Core processors.

            The vulnerabilities in the BIOS reference code could lead to privilege escalation of local users and carries a CVSS base score of “high” at 8.2 for both CVEs. CVE-2021-0157 is tracking insufficient control flow management in this BIOS firmware and CVE-2021-0158 is for improper input validation by the BIOS firmware.

          • VMware Releases Security Advisory

            VMware has released a security advisory to address a privilege escalation vulnerability in vCenter Server and Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system.

          • Apple Releases Security Update for iCloud for Windows 13 | CISA

            Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system.

          • What Happens If Time Gets Hacked
          • BusyBox flaws highlight need for consistent IoT updates | CSO Online

            Security researchers have found and reported 14 vulnerabilities in the BusyBox userspace tool that’s used in millions of embedded devices running Linux-based firmware. While the flaws don’t have high criticality, some of them do have the potential to result in remote code execution (RCE).

            BusyBox is a software utilities suite that its creators describe as the Swiss army knife of embedded Linux. It contains implementations of the most common Linux command-line tools, together with a shell and a DHCP client and server, all packaged as a single binary. BusyBox has become a de facto standard in the embedded Linux userspace, its standalone binary having support for over 300 common Linux commands.

    • Monopolies

      • Trademarks

        • Facebook In Legal Trouble For Stealing Meta Name – Invidious

          Recently Facebook decided to pull a google and create Meta a parent company to continue invading everybodies privacy while pretending like Facebook no longer does so and there’s been some controversy about the name with one so called company claiming that there name was stolen.

Links 11/11/2021: Mesa 21.3 RC5 Release

Posted in News Roundup at 8:29 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

      • BSD Now 428: Cult of BSD

        OpenBSD Part 1: How it all started, Explaining top(1) on FreeBSD, Measuring power efficiency of a CPU frequency scheduler on OpenBSD, CultBSD, a whole lot of BSD bits, and more.

      • The Linux Link Tech Show Episode 930

        3d printing, joel gets callled out, what tech gifts

      • You had ONE JOB, Linus! | Reacting to the Daily Driver Challenge – Invidious

        LinusTechTips, if you’re not aware, is one of the most popular tech YouTube channels out there… yet somehow, Linus has never daily-driven Linux. Never even tried to! With the advent of the Steam Deck, though, Linus has come around to the idea of “Linux Gaming” and challenged his friend Luke to use Linux on their home rigs. Somehow Linus had a pretty rough go of it but ultimately they were (mostly) able to complete the first task of their challenge.

    • Kernel Space

      • Adding package information to ELF objects

        While it is often relatively straightforward to determine what package provided a binary that is misbehaving—crashing for instance—on Fedora and other Linux distributions, there are situations where it may be harder to do so. A feature recently proposed for Fedora 36—currently scheduled for the end of April 2022—would embed information into the binaries themselves to show where they came from. It is part of a multi-distribution effort to standardize how this information is stored in the binaries (and the libraries they use) to assist crash-reporting and other tools.

        On October 25, Fedora program manager Ben Cotton posted the proposal to the Fedora devel mailing list; it is also available on the wiki. The basic idea is that each ELF object that gets created for an RPM package will get a .note.package ELF section added to it. That section will contain a JSON-formatted description of exactly which RPM it was distributed with. So those binaries will contain information that can tie them directly to the package, even in the absence of RPM metadata on the system.

        The facility would be used by the systemd-coredump utility to log package versions when crashes occur. For regular Fedora systems, which normally have the RPM metadata available, there is no large advantage. But for other situations where Fedora-created binaries might be run—and crash—this mechanism would allow administrators and tools to recognize where exactly the binary came from.

      • Some 5.15 development statistics

        The 5.15 kernel was released on October 31, with the code name appropriately changed to “Trick or Treat”. By that time, 12,377 non-merge changesets had been merged into the mainline, adding a net total of 332,000 lines of code. Read on for a look at where the contributions to the 5.15 kernel came from.

      • Linux 5.16 Introducing Ability For A Driver To Probe Hardware While Powered Off – Phoronix

        Last week saw the main set of ACPI and power management changes for Linux 5.16 while merged on Wednesday were a secondary set of updates. Notable on the ACPI side are some changes in preparing for allowing Linux drivers to “probe” hardware while being powered off.

        This Intel-contributed change to the Linux kernel is about allowing certain devices to be probed by a kernel module without changing their power states / being powered up. It’s a bit of a corner case with normally not being able to properly probe the hardware and load the driver without the component being initialized and ensuring it can successfully light up and work. This won’t magically work for all drivers/hardware but depends upon necessary ACPI support being advertised.

      • Graphics Stack

        • [Mesa-dev] [ANNOUNCE] mesa 21.3.0-rc5
          Hello everyone,
          The fifth release candidate is now available, containing about equal
          amounts of Zink, AMD, and Intel fixes.
          Once again, this could have been the final release of 21.3.0, but there
          are blocking issues on Intel's side still left, so we're having another
          round of release candidate.
          Hopefully this will be the last one, but we'll see.
          Please test it and report any issue here:
          Issues that should block the release of 21.3.0 should be added to the
          corresponding milestone:
        • Mesa 21.3-rc5 Released With Numerous Intel / AMD / Zink Fixes – Phoronix

          The Mesa 21.3 development cycle continues dragging on due to blocker bugs affecting the Intel code, so instead it’s another week with a new release candidate.

          Mesa 21.3-rc5 is out with a random assortment of mostly fixes to Intel, AMD Radeon, and Zink OpenGL-on-Vulkan driver code. The blocker bugs holding up the release include Piglit test failures and dEQP failures on Intel graphics hardware. It’s possible other blocker bugs may come up, but traditionally they tend to be Intel-oriented simply due to Intel having better and more robust test coverage of Mesa on their hardware. Hopefully the few blocker bugs will get resolved in the next week or so to allow Mesa 21.3.0 to roll-out.

    • Applications

      • 7 Linux commands to use just for fun

        The Linux command line can be the home of power users and sysadmins. However, Linux is more than just a lot of hard work. Linux was developed by fun-loving people who created an array of comical commands. Try playing around with these yourself when you want a smile.

        Be sure to consult the man pages of all these commands to explore all the possibilities and iterations. What are your favorite silly commands, and do they have real-world uses as well? Share your favorites in the comments

    • Instructionals/Technical

      • How to Manage SSH Keys for Linux Machines

        SSH keys grant users access to critical systems such as cloud and on-premise servers and network devices. Typically, these are systems that should only be accessed by authorized users, and no one else. Proper management of these keys is therefore essential to ensure that the SSH keys are in the right hands and used in accordance with the best security practices.

      • The Hive (Security Incident Response Platform) – Unixcop the Unix / Linux the admins deams

        This page is a step by step installation and configuration guide to get an TheHive 4 instance up and running. This guide is illustrated with examples for Debian packages based systems and for installation from binary packages.

      • Setup X-pack Security on Elasticsearch and Kibana – Unixcop the Unix / Linux the admins deams

        X-Pack is an Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning, and many other capabilities. By default, when you install Elasticsearch, X-Pack is installed.

        The growing popularity of Elasticsearch has made both Elasticsearch and Kibana targets for hackers and ransomware, so it is important never to leave your Elasticsearch cluster unprotected.

        From Elasticsearch Version 6.8 and onwards, X Pack Basic License (free) includes security in the standard Elasticsearch version, while prior to that it was a paid for feature.

      • What are ephemeral certificates?

        This article is a short followup to my last article about cosign. I received many questions for my last article. The most common one was:

        “But wait! If the certificates are only valid for 30 minutes, how are my users supposed to validate my artifacts?”

        This is very common misconception and to be honest: I ran into the same trap at first. The terms “ephemeral” or “short-lived” do not refer to the signature validation. Instead, these terms refer to the certificate generation itself. The goal of short-lived certificates is to elimate the possible risks of private key leaks. Just imagine, we have a traditional long-lived certificate and a private key stored on one of our servers. If one attacker manages to steal this certificate and private key, maybe even years after the signature creation, the attacker will be able to craft a valid signature for their own malware with this certificate and key. With a short-lived certificate this would not be possible, because even if the attacker has access to both (private key and certificate) the attacker will not be able to craft a valid signature for the artifact, because the certificate has expired. The users are still able to validate the originally signed artifact, because the signature of this artifact has been created in the valid time frame of the certificate.

      • Ncat Linux command

        Hello friends. Knowing the Linux terminal and its commands is a basic task of any sysadmin or DevOps. Therefore it is always good from time to time to know new commands and their utilities. This will allow us to have new functions that can solve a problem at any time. So, in this post, you will learn about the ncat command.

      • How To Increase Disk Storage Size In VirtualBox Or VMware

        VirtualBox makes it simple to create virtual machines. When you create a virtual machine in VirtualBox or VMware, you must specify the size of the storage that will be used to install the operating system. I frequently allot a disc size that I later need to increase. In this article, we’ll learn to increase the Disk storage size of any Virtual machine in VirtualBox and VMware.

      • How get the best performance from the Nginx Server – Unixcop the Unix / Linux the admins deams

        You can tune almost any setting, but this post concentrates on the few settings for which tuning benefits the most users. There are settings that we recommend you change only if you have a deep understanding of NGINX and Linux. So, you will know How get the best performance from the Nginx Server

        HI Guys !, In this post we basically see the NGINX tuning using it’s configuration file which is situated at /etc/nginx/nginx.conf

        NGINX is well known as a high‑performance load balancer, cache, and web server, powering over 40% of the busiest websites in the world. For most use cases, default NGINX and Linux settings work well, but achieving optimal performance sometimes requires a bit of tuning. This blog post discusses some of the NGINX and Linux settings to consider when tuning a system.

      • How to Upgrade to AlmaLinux 8.5 – LinuxCapable

        AlmaLinux 8.5 is finally here and is codenamed Arctic Sphynx. The new version of the incoming AlmaLinux 8.5 is filled with many improvements such as Nginx 1.20, Node.js 16, Ruby 3.0, PHP 7.4.19, and many more new module streams and enhancements. Also included are an enhanced Cockpit web console and support for the recently released OpenJDK 17.

        Currently, this is in beta status and should not be installed or upgraded on production servers/systems or critical working environments. However, if you are game enough to try the new release, it is worth checking out.

        In the following tutorial, you will get a step-by-step walkthrough of how to upgrade an existing AlmaLinux 8.0 system to 8.5.

    • Games

      • ‘SteamWorld Dig 2′ GOG, Steam Free Download: Get Game Now Before 24-Hour Time Limit! | iTech Post

        Swedish game developer Thunderful Games has announced on Twitter that “SteamWorld Dig 2″ is now available to download for free and players will be able to keep it permanently. Unfortunately, only PC users will benefit from the said free download.

      • Forza Horizon 5 on Linux? There’s a Good Chance That You Can Play it Already – It’s FOSS News

        Forza Horizon 5 is a new racing video game developed by Playground Games and published by Xbox Game Studios.

        Before its official launch, it already had ~1 million players via the premium edition, which enabled early access to the game.

        While the game is breathtaking with its visuals and optimization for older hardware, it is yet another Windows-only game.

      • Shadow Tactics: Blades of the Shogun – Aiko’s Choice releases in December | GamingOnLinux

        Shadow Tactics: Blades of the Shogun – Aiko’s Choice from Mimimi Games is going to be releasing in December and they have a new trailer ready.

        This is the standalone addon that takes place after the original Shadow Tactics. Set in Japan around the Edo period, you take control of kunoichi adept Aiko and her deadly assassin friends to hunt down the ghosts of her past. The new trailer goes over the story so far up to the point where the story of Aiko’s Choice will set off. So keep in mind it’s probably a bit spoilery if you’ve not played the original game.

      • Valve’s hotly anticipated Steam Deck handheld gets delayed until 2022

        If you’re worried about losing your pre-existing reservation, don’t sweat it. Valve claims that existing reservation holders will keep their place in line. As for the timeframe of those reservation dates, that information will be coming shortly.

      • Valve Steam Deck delay ruins Christmas for countless Linux gaming nerds

        Do you hear that horrible sound? That’s the combined screams and howls of countless Linux gaming nerds learning the devastating news — the release of the Steam Deck video game console has been pushed to next year. In other words, anyone hoping to get the console under the Christmas tree this year will be left disappointed.

        If you aren’t familiar, the Steam Deck is a portable PC/gaming console hybrid that runs the Arch Linux-based “SteamOS” operating system which uses KDE Plasma. Similar to a Nintendo Switch Lite in design (but much bigger, heavier, and more powerful) it lets you play PC games in the palm of your hand. You can check out the specifications here.

        “The launch of Steam Deck will be delayed by two months. We’re sorry about this — we did our best to work around the global supply chain issues, but due to material shortages, components aren’t reaching our manufacturing facilities in time for us to meet our initial launch dates,” says Valve.

      • Supply chain shortages push Steam Deck out to February 2022

        Valve has said in a blog post that the first shipments of Steam Deck are now set to begin in February next year.

        “The launch of Steam Deck will be delayed by two months. We’re sorry about this — we did our best to work around the global supply chain issues, but due to material shortages, components aren’t reaching our manufacturing facilities in time for us to meet our initial launch dates,” the company said.

        Valve said customers would keep their place in the reservation queue, but the window will shift back two months.

        Announced in July, the Steam Deck is a portable, handheld PC that uses AMD silicon to run SteamOS 3.0, a new version of its OS based on Arch Linux, with KDE Plasma used for desktop mode. The Linux system will use its Proton compatibility layer to run games designed for Windows.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • Ole Aamot: Record Live Multiple-Location Audio immediately in GNOME Gingerblue 2.0.1

          GNOME Gingerblue 2.0.1 is available and builds/runs on GNOME 41 systems such as Fedora Core 35.

          It supports immediate, live audio recording in compressed Xiph.org Ogg Vorbis encoded audio files stored in the private $HOME/Music/ directory from the microphone/input line on a computer or remote audio cards through USB connection through PipeWire (www.pipewire.org) with GStreamer (gstreamer.freedesktop.org) on Fedora Core 34 (getfedora.org) as well as XSPF 1.0 playlist stored in the private $HOME/Music/GNOME.xspf playlist of the previous, latest recording.

          See the GNOME Gingerblue project (www.gingerblue.org) for screenshots, Fedora Core 35 x86_64 RPM package and GNU autoconf installation package (https://download.gnome.org/sources/gingerblue/2.0/gingerblue-2.0.1.tar.xz) for GNOME 41 systems and https://gitlab.gnome.org/ole/gingerblue.git for the GPLv3 source code in my GNOME Git repository.

    • Distributions

      • IBM/Red Hat/Fedora

        • Fedora considers removing NIS support

          For all of you youngsters out there, the Internet has always been omnipresent, computers are something you carry in your pocket, the Unix wars are about as relevant as the War of 1812, and the term “NIS” doesn’t ring a bell. But, for a certain class of Unix old-timer, NIS has a distinct place in history — and, perhaps, in still-deployed systems. So the suggestion that Fedora might drop support for NIS has proved to be a bit of a wakeup call for some.

          NIS (“Network Information Service”) was initially born in the depths of Sun Microsystems as “Yellow Pages”. It came about in those heady times when Unix workstations were beginning to pop up in offices — and were being connected to just-installed 10Mb/s Ethernet networks via a (suitably named for the Halloween season) vampire tap. Having a network made it possible to copy around various administrative files like /etc/passwd and create an early sort of single-sign-on regime on the local network. We were all quite proud of ourselves for setting such things up.

          As the number of systems grew, though, all of that copying became a little cumbersome and machines easily went out of sync. Yellow Pages was Sun’s way of automating this work within a simple, centralized service. Getting a network running with it was a quick process, and adding new clients was even faster. There were occasional problems, of course, leading to the system being renamed “Yellow Plague” by some users, but as a whole, it worked quite well. That is for a value of “quite well” that discounts its total lack of access control, encryption, or defenses against malicious hosts masquerading as servers, but that was a more innocent age.

          Sun eventually ran into trademark problems with the Yellow Pages name; being a Unix company, Sun had a deep understanding of the folly of getting into legal battles with telecommunications companies, so it wisely changed the name to NIS. The later NIS+ release added some security and reliability features but looked similar in many ways. Eventually, though, Sun lost interest in NIS (and just about everything else) and the system fell from its nearly dominant position in Unix shops into obscurity. It would be surprising indeed to see a new deployment adopt it now.

        • Red Hat Extends Foundation for Multicloud Transformation and Hybrid Innovation with Latest Version of Red Hat Enterprise Linux

          Red Hat, Inc., the world’s leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 8.5, the latest version of the world’s leading enterprise Linux platform. Red Hat Enterprise Linux offers a common, open operating system that extends across clouds, traditional datacenter operations and out to the edge. The platform enables IT teams to lean on existing skills while they use new and expanded capabilities to build the transformative applications and services required by their business, regardless of where these workloads may ultimately live.

        • Distribution Release: Red Hat Enterprise Linux 8.5
        • Red Hat Enterprise Linux 8.5 Officially Released, This Is What’s New

          Coming more than five months after Red Hat Enterprise Linux 8.4, Red Hat Enterprise Linux 8.5 is the fifth maintenance update to Red Hat Enterprise Linux 8 and brings various new features to RHEL’s web console, such as live kernel patching without using the command line tooling and enhanced performance metrics to help you identify and prevent performance issues.

        • Red Hat Enterprise Linux 8.5 Update Available to Download – itsfoss.net

          Red Hat Enterprise Linux 8.5 Update Available to Download, Red Hat has announced the availability of Red Hat Enterprise Linux (RHEL) 8.5, the lates update of the company’s commercial, enterprise-class Linux distribution with bundled customer support: “Red Hat Enterprise Linux (RHEL) 8.5 is now generally available. It brings new features and improvements to help streamline deployments, optimize performance and help mitigate risk in your environments.

        • How leaders can help teams fight fatigue: 7 practical tips

          We’ve all realized by now that burnout has played a major role in workplaces in 2021: The pandemic has been unrelenting. Burnout rose by almost 9 percent between April and July 2021, according to the Glint Employee Well-Being Report, a 12 percent increase from the prior July. In large part, this is due to the “always-on” work culture that many companies reinforced in 2020.

          While this topic has certainly been explored thoroughly, many leaders remain hungry for next-level advice with regard to preventing, recognizing, and dealing with burnout.

          Additionally, more employers are now taking responsibility for their role in helping individuals manage burnout – and trying fresh approaches. Maybe you gave advice at the start of the pandemic that rang true, or, possibly, turned out to be bad? What would you as a leader change about the advice you previously gave and what would you keep the same? Did you ask specific questions to assess burnout on an individual or team basis? Did you go beyond encouraging people to take PTO to ensure it was being taken? What was the outside-of-the-box solution that worked for your team?

      • Debian Family

        • Debian’s which hunt

          This long-present tool is often used at the command line to locate the binary for a program; scripts also use it for similar purposes, or to determine whether a given program is available at all. For many users, which has long been baked into muscle memory and is used reflexively at need.

          For all that, which is not a standardized component on Unix-like systems; POSIX does not acknowledge its existence. For that reason, among others, there are a number of implementations of which, each differing in its own special ways. Many distributions ship the GNU version of which, for example, with its characteristic long list of options. FreeBSD has its own version. Some shells also implement which as a built-in command. Debian ships yet another version, in the form of the aforementioned one-page shell script; it is part of the debianutils package.

          In August 2020, Erik Gustafsson noted that the FreeBSD version of which supports a -s flag that suppresses the printed output and sets the exit status based on the existence of the queried program. He thought that feature would be useful in Debian, and helpfully provided a patch adding that feature. Thus began the discussion of the value of which and whether Debian’s version should gain more features; at one point Clint Adams, the co-maintainer of debianutils, opined that which should be removed from that package.

          Fast-forward to one year later, and Boyuan Yang observed that the which command in the Debian unstable distribution now prints a deprecation warning saying that which is going away. This resulted in a fair amount of consternation (and requests for a reversion of the change) for a number of reasons, starting with the fact that many users simply expect to have which available to them. It turns out that a number of build scripts for Debian packages use which as well; as an extra annoyance, the printed deprecation warning breaks the build process for some packages. The amount of pressure applied to Adams to restore which began to increase.

      • Canonical/Ubuntu Family

        • XBrowserSync, A Free Bookmark Sync for Ubuntu Users

          Do you work with multiple Ubuntu computers? You might want to unify or sync all your browsers’ bookmarks into one, when you bookmarked something in one, all other browsers got the same and vice versa. You can do that freely and safely with XBrowserSync, a Firefox addon, with a secure service behind. To use XBrowserSync, follow the procedures below.

          XBrowserSync is a free software Firefox web browser addon, licensed under GNU GPL, as well as a bookmark synchronization service. It is available for Firefox and Chrome. Its official website is located at https://www.xbrowsersync.org.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • WebFileSys: A Web-based file Manager for your docs, photos, and videos

        WebFileSys is a web-based system that aims to aid users to manage their files, events, photos, videos, calendars, file sharing, GPS tracking, and more.

        The system is created by Frank Hoehnel a software developer from Germany who released it as an open-source project.

        WebFileSys has been around since early 2000s, it is still getting updates ever since.


        WebFileSys is released under GNU General Public License v3.0.

      • Web Browsers

        • Mozilla

          • SFS loading precautions in initrd

            A user may manually place SFS files under /mnt/wkg/sfs and may also delete them. If the firefox*.sfs file is deleted, for whatever reason, it means that if it was loaded in a container, that container is no longer valid.
            Yet, the “firefox” icon (with the lock symbol on it) was still on the desktop, and entry still in the menu. I have fixed that, invalid icons and menu entries removed.
            Same thing if an SFS is loaded on the main desktop. If the SFS no longer exists, then it can no longer be loaded at bootup, and menu entry must be removed. And, as in the case of firefox, /home/firefox will have to be deleted.

      • Programming/Development

        • Top 8 Programming Tools for Kids – LinuxLinks

          The Raspberry Pi created a lot of interest in the press for its low cost and credit-card size. The main reason for the creation of the Raspberry Pi was to see it used by kids all across the globe to learn programming. Computer classes in the UK have been constrained by the national curriculum for ICT, with students having to limit their computing activities to learning applications such as Word and PowerPoint, and using the internet to help with their school work. However, learning how to use Microsoft Office is often of little or no interest to students. Students are motivated by interactive activities such as programming, as they like to make things to find out how they work.

          The art of programming is often perceived as being a difficult activity. This is, in part, because coding can be quite unforgiving with lots of information to remember. It is not a simple activity such as surfing the net, or formatting paragraph text.

          Fortunately, there is a growing range of software, often open source, that helps students learn how to code. Stripping away the complexity, the programming languages and associated tools featured in this article aim to create new ways of helping students create projects that appeal to younger minds.

          To provide an insight into the quality of software that is available, we have compiled a list of 8 high quality programming tools that provide an ideal introduction to programming. Hopefully, there will be something of interest here for teachers and students alike.

        • Perl/Raku

          • My Favorite (?) Warnings – Ex-Warnings

            Warning categories have proliferated since the warnings pragma was first introduced in Perl 5.6: from 50 in Perl 5.6.2 to 79 in Perl 5.35.5 (the latest as of this writing). But warnings have been removed as well as added. This post documents these — mostly for historical interest on my part.

        • Rust

    • Standards/Consortia

      • The Monstrosity Email Has Become

        Email had become a monstrosity beyond reasonable comprehension while still having inherent flaws such as plain text sending. Every email out there is sent and stored in plaintext (we can easily agree that PGP/GPG use is anecdotical) and, through HTML and inline pictures, most of them are trying to track you to know when you open the email.

        The whole ecosystem is becoming even more and more centralised with some modern mail providers not offering the ability to get your mail out of the service at all, arguing, with reason, that IMAP sucks and does not permit some features (the hipsterish Hey! or the privacy-oriented Tutanota only provide you access to your email through their own proprietary webmail). You can’t even read your mail offline by design and nobody blink an eye.

  • Leftovers

    • Beacon on the Hill or the Heart and Soul of Darkness?

      Things started looking up one Christmas, when I received a much beloved Johnny 7 multiple fuck-with plastic gun. There were woods nearby and I would frolic for hours, pretending to be horseback, in search of baddies, who often looked like my foster father, a man who watched Lawrence Welk religiously and was quick to take off his belt and chase for smallest infractions of tongue. After he caught me, and beat me, he would put me up in the attic bedroom to weep myself to sleep. A drawer next to the bed held a cache of silver dollars, which went toward my recess funds that year. Looking back, I do now see capitalism in there somewhere; certainly my boy buns were colonized by a brute force.

      Why am I telling you all this?  Well, I’m an old fart, and a sentimentalist to boot (remember how that ends for Bogie in Casablanca? Gotta watch a surplus of the syrup if you want to keep your Ideal Feminine.) and I found myself (pats himself to be sure he’s still here) listening to an old John F. Kennedy speech. No, not the fuckin’ do ‘unto your country before it has a chance to do unto you’ speech that so many libertarians feed their resentment with. Nor the men on the moon by the end of the decade  “because we can” speech. But one far more important to our time now than any of the other speeches folks wrote for him back then (I lived with a Groton family whose Head wrote speeches for JFK). This speech or, as he referred to it, “remarks,” was titled “The President and the Press,” and runs about 20 minutes long.

    • Protest Song Of The Week: ‘Rising Seas’ By Midnight Oil

      No strangers to socially conscious music, veteran Australian rock band Midnight Oil speaks out against climate change with their latest single and video “Rising Seas.”The tune was released just in time for the United Nations Climate Change Conference (COP26).Doing what the band does best, the song is an urgent plea for real change. Politicians can’t just offer lip service; they need to take concrete action, as highlighted by the lyric: “Let’s confess we did not act with serious urgency. So, open up the floodgates to the rising seas.”

    • Science

      • An Astronomer Cancels His Own Research—Because the Results Weren’t Popular

        Of course, statistical analyses of real-world human data are always subject to the possibility that systematic biases can inappropriately skew the claimed results. And I would never suggest that Kormendy’s work is beyond criticism. But the traditional scientific manner of engaging in such criticism is that other scientists present alternative proposals, and explore other data sets, to search for possible flaws in the original analysis. That is how science should be done. Those who claim in advance, without new analysis or data, that someone else’s research results are “harmful” or threatening, without challenging its accuracy, should consider another profession.


        It is hard to know what specifically induced this kind of Maoist mea culpa. But Kormendy (or someone with authority over him) presumably was swayed by the online tempest. And an unfortunate effect will be that anyone observing how this played out will be warned off making their own inquiries in this field, for fear that they will meet the same fate. This is one reason why scientific articles should never be retracted simply because they might cause offense. Truth can hurt, but too bad.

    • Education

      • Prime minister: Remote learning effects cannot be compensated for in cash

        Tallinn has sent municipal school students in grades 4-8 to remote learning, extending the period by another two weeks from Tuesday. Kallas said the decision to send students on remote learning must take into account that it can have devastating effects on children. “That is what the [government's] scientific council has also said – children should be sent to remote learning only as the last option,” the prime minister said.

    • Hardware

      • 8″ Floppy On Your PC? | Hackaday

        We should probably have a new metric for measuring mass storage performance: bytes per pound. An old IBM tape drive from the S/360 days, for example, could hold almost 6 megabytes of data. It also weighed more than a typical refrigerator. Today, a tiny postage-stamp-sized card can hold gigabytes of data and weighs — at most — a few ounces. Somewhere in the middle is the old 8 inch floppy drive. At its peak, you could cram about 1.2 megabytes on it, but even with the drive you could lift it all in one hand. These disks and their descendants ruled the computing world for a while. [Adrian asks the question: can you use an 8″ floppy drive on a PC? The answer is in the video below.

        He didn’t do it on a lark. [Adrian] is getting ready to restore a TRS-80 Model II so he wanted to create some 8″test floppies. But how do you marry a 40-something-year-old drive to a modern computer? He had a few drives of unknown condition so there was nothing to do but try to get them working.

    • Health/Nutrition/Agriculture

      • Does Reversal of Historic Opioid Ruling in Oklahoma Spell Trouble for Climate Liability Suits?

        The Oklahoma Supreme Court on Tuesday threw out a landmark 2019 ruling that required Johnson & Johnson to pay the state nearly half a billion dollars to help address the opioid epidemic, and according to some critics, it may have paved the way for judges elsewhere to invalidate similar lawsuits as well as those seeking to hold the fossil fuel industry accountable for propelling the climate crisis.

        “Are these two outlier opinions or are they trendsetters?”

      • ‘Historic and Momentous Day’ as Judge OKs $626 Million Flint Water Crisis Settlement

        While stressing that no amount of money could fully compensate for the irreparably damaged health of thousands of Flint, Michigan residents who suffered lead poisoning due to cost-cutting measures by an unelected city manager, advocates hailed a federal judge’s final approval on Wednesday of a $626 million settlement as a crucial step toward “justice served.”

        “None of this would have been possible without the tireless advocacy from residents, who never gave up the fight.”

      • Flint water crisis: $626m settlement reached for lead poisoning victims

        Most of the money will go to the city’s children exposed to drinking poisoned water, affected adults, business owners and anyone who paid water bills.

        At least 12 people died after Flint switched its water supply to the Flint river in 2014 without treating the corrosive water to save money.

        As a result, lead in some old pipes broke off and flowed through taps.

        An outbreak of Legionnaires’ disease followed, and nearly 100,000 residents were left without safe tap water.

      • “Drinking through a lead straw” — $15B approved to fix dangerous water pipes

        No one knows exactly how many lead pipes deliver water to homes, schools and businesses throughout America — or even where they all are. The Environmental Protection Agency estimates at least 6 million lead service lines exist. Environmental groups say it’s probably many more.

        What is known is that with every pot of boiling sweet potatoes, bottle of reconstituted baby formula or sip of tap water delivered through lead pipes, millions of Americans risk ingesting lead, a powerful neurotoxin long known to cause irreversible organ and cognitive damage in children and adults.

      • Pre-existing polymerase-specific T cells expand in abortive seronegative SARS-CoV-2

        Individuals with potential exposure to SARS-CoV-2 do not necessarily develop PCR or antibody positivity, suggesting some may clear sub-clinical infection before seroconversion. T-cells can contribute to the rapid clearance of SARS-CoV-2 and other coronavirus infections1–3. We hypothesised that pre-existing memory T-cell responses, with cross-protective potential against SARS-CoV-24–11, would expand in vivo to support rapid viral control, aborting infection. We measured SARS-CoV-2-reactive T-cells, including those against the early transcribed replication transcription complex (RTC)12,13, in intensively monitored healthcare workers (HCW) remaining repeatedly negative by PCR, antibody binding, and neutralisation (seronegative HCW, SN-HCW). SN-HCW had stronger, more multispecific memory T-cells than an unexposed pre-pandemic cohort, and more frequently directed against the RTC than the structural protein-dominated responses seen post-detectable infection (matched concurrent cohort). SN-HCW with the strongest RTC-specific T-cells had an increase in IFI27, a robust early innate signature of SARS-CoV-214, suggesting abortive infection. RNA-polymerase within RTC was the largest region of high sequence conservation across human seasonal coronaviruses (HCoV) and SARS-CoV-2 clades. RNA-polymerase was preferentially targeted (amongst regions tested) by T-cells from pre-pandemic cohorts and SN-HCW. RTC epitope-specific T-cells cross-recognising HCoV variants were identified in SN-HCW. Enriched pre-existing RNA-polymerase-specific T-cells expanded in vivo to preferentially accumulate in the memory response after putative abortive compared to overt SARS-CoV-2 infection. Our data highlight RTC-specific T-cells as targets for vaccines against endemic and emerging Coronaviridae.

    • Integrity/Availability

      • The Surreal Horror of PAM

        Et voila! C’est le PAM! Turns out someone else a long time ago had the same problems and somehow got legal to sign off on making it open source! PAM is a modular system for making authentication and authorization work.

        For reference, authentication and authorization are being split up into two concepts here (like they are in a lot of the industry). We’re gonna take a page out of the white hat’s guide to security here and call these concepts authentication (who you are and how we know who you are) and authorization (can you really take all the money out of the bank account?). It is a solid 90’s solution to a 70’s problem and good god it shows.

        PAM was made in the 90’s by this little startup nobody here has heard of called Sun Microsystems. They had a problem where they had a bunch of machines to apply complicated authentication rules to (all thanks to those pesky enterprise contracts) and no way to really do it. Money won this valiant fight between engineering and sales, so we ended up with PAM.

      • Proprietary

        • [Old] The AARD Code

          Some programs and drivers in some pre-release builds of Windows 3.1 include code that tests for execution on MS-DOS and displays a disingenuous error message if Windows is run on some other type of DOS. The message tells of a “Non-fatal error” and advises the user to “contact Windows 3.1 beta support”. Some programs in the released build include the code and the error message, and even execute the code, performing the same tests, but without acting on the result to display the error message.

          The code in question has become known widely as the AARD code, named after initials that are found within. Although the AARD code dates from the start of the 1990s, it returned to controversy at the end of the 1990s due to its appearance in a suit at law between Caldera and Microsoft. Caldera was by then the owner, after Digital Research and Novell, of what had been DR DOS. It has ever since been treated as a smoking gun in analyses of anti-competitive practices by Microsoft.

          It is not my intention here to comment on the rights or wrongs that I may or may not perceive in the AARD code’s existence. However, I must declare a financial interest: in 1999 when this note was first published, I was engaged indirectly by Caldera to assist with their understanding of MS-DOS and Microsoft Windows for the suit just mentioned.

          What I do intend here is to put on the public record a few points of history.

        • [Old] The AARD Code and DR DOS

          Not until 30th May 1993 did I learn that the error message had hit DR DOS specifically. This was from Andrew Schulman, who had himself learnt only weeks before: see FTC MOVES TO FOCUS MICROSOFT ANTITRUST CASE by Wendy Goldman Rohm from the Chicago Tribune on 10th May 1993. There then came quickly Andrew’s article Examining the Windows AARD Detection Code in Dr. Dobb’s Journal, September 1993, and repeated discussion in Undocumented DOS, Second Edition, ISBN 0-201-63287-X, co-authored by Andrew for Addison-Wesley in 1994. By the late 1990s, the AARD code had no small role in a court case, Caldera, Inc. v. Microsoft Corp., 72 F. Supp.2d.1295 (D. Utah 1999), which Caldera, who was by then the owner of DR DOS after Digital Research and Novell, brought against Microsoft “for damages and injunctive relief under the antitrust laws of the United States, and for damages in tort”.

          The AARD code has ever since been for many some sort of pin-up for anti-competitive practices by Microsoft.

        • Pseudo-Open Source

        • Security

          • SMS About Bank Fraud as a Pretext for Voice Phishing

            Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

          • Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

            Dependency confusion compromises the open source software ecosystem by tricking end-users, developers and automation-systems into installing a malicious dependency instead of the correct one they intended to install, resulting in the compromise of their software.

          • 8 dangerous vulnerabilities fixed in Samba

            Published corrective releases package Samba 4.15.2, 4.14.10 and 4.13.14 with the elimination of 8 vulnerabilities, most of which can lead to a complete compromise of the Active Directory domain. It is noteworthy that one of the problems were corrected in 2016, and five – from 2020, though one correction led to the inability to run winbindd in the presence settings “allow trusted domains = no” (the developers intend to promptly publish another update to fix). The release of package updates in distributions can be tracked on the pages: Debian , Ubuntu , RHEL , SUSE , Fedora , Arch ,FreeBSD .

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Trojan Source: tricks (no treats) with Unicode

              A new security vulnerability that was disclosed on November 1 has some interesting properties. “Trojan Source”, as it has been dubbed, is effectively an attack on human perceptions, especially as they are filtered through the tools used for source-code review. While the specifics of the flaw are new, this kind of trickery is not completely novel, but Trojan Source finds another way to confuse the humans who are in the loop.

              The Trojan Source paper by Nicholas Boucher and Ross Anderson of the University of Cambridge describes the vulnerability, its impact, and the process of coordinating its disclosure in detail. In part, the flaw exploits Unicode code points that are used to switch between left-to-right and right-to-left display of bidirectional text in ways that will cause various tools to show the code in a different order than it will be processed by compilers and interpreters. That has the effect of showing code to reviewers that looks perfectly reasonable, while feeding something dangerous to language-parsing tools.

          • Privacy/Surveillance

            • Seven Years After Discovering Rogue Stingray Devices In DC, The Federal Gov’t Still Doesn’t Have Any Idea What To Do About It

              Seven years ago, wardriving security researchers discovered rogue cell tower simulators being operated near sensitive locations in Washington, DC, presumably by foreign governments.

            • Blacklisting the Merchants of Spyware

              Russian company Positive Technologies and the Singapore-based Computer Security Initiative Consultancy also made the list “based on a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.”

              The move had a measure of approval in Congress. “The entity listing signals that the US government is ready to take strong action to stop US exports and investors from engaging with such companies,” came the approving remarks in a joint statement from Democrat House Representatives Tom Malinowski, Anna Eshoo and Joaquin Castro.

            • Ninth Circuit: Surveillance Company Not Immune from International Lawsuit

              The court rightfully determined that, because  the NSO Group is a private company, it is not immune from the lawsuit even though it serves foreign government clients.

              Almost a year after EFF attorneys filed a brief with the Ninth Circuit in support of WhatsApp’s lawsuit against the notorious Israeli spyware company NSO Group, the court issued a ruling that the company is not immune from the lawsuit alleging NSO helped its client governments target members of civil society, including Rwandan political dissidents and a journalist critical of Saudi Arabia.

              The court rightfully determined that, because the NSO Group is a private company, it is not immune from the lawsuit even though it serves foreign government clients. The court addressed an open question in the case law. It has been clear that the Foreign Sovereign Immunities Act (FSIA) by its terms only applies to corporate entities owned by foreign governments. But there was an open question as to whether private corporations, whose clients are foreign governments, may invoke immunity based in common law, the rules described by court opinions rather than enacted by Congress. The Ninth Circuit said no. It held that Congress intended the statute to comprehensively address the foreign sovereign immunity of corporations, and thus the FSIA forecloses applications of immunity to corporations via common law.

            • Data Broker Veraset Gave Bulk Device-Level GPS Data to DC Government

              The officials accepted the offer, according to public records obtained by EFF. Over the next six months, Veraset provided the District with regular updates about the movement of hundreds of thousands of people—cell phones in hand or tucked away in backpacks or pockets—as they moved about their daily lives. The DC Office of the Chief Technology Officer (OCTO) and The Lab @ DC, a division of the Office of the City Administrator, accepted the data and uploaded it to the District’s “Data Lake,” a unified system for storing and sharing data across DC government organizations. The dataset was only authorized for uses related to COVID research, and there’s no evidence that it has been misused. But it’s unclear to what extent the policies in place bind the use or sharing of the data within the DC government.

              This is far from the only instance of data sharing between private location data brokers and government agencies. Reports at the beginning of the pandemic indicated that governments around the world began working with data brokers, and in the documents we obtained, Veraset said that it was already working with “a few different agencies.” But to our knowledge, these documents are the first to detail how Veraset shared raw, individually-identifiable GPS data with a government agency. They highlight the scope and sensitivity of highly-invasive location data widely available on the open market. They also demonstrate the risk of “COVID-washing,” in which data brokers might try to earn goodwill by giving away their hazardous product to public health officials during a health crisis.

              When asked to comment on the relationship, Sam Quinney, director of The Lab @ DC, gave the following statement:

            • German Police: Interventions more than doubled after exchange of passenger data

              The EU PNR Directive is leading to more and more interventions by the German authorities. An extension to rail, bus and ship travel is not yet off the table, but before that the Court of Justice in Luxembourg will rule on the legality of the law. Similar agreements with Canada and Japan are apparently no longer coming into being.

            • ‘We see everything’: Movie theater worker reveals how employees know when you are doing ‘the nasty’ in the theater

              Based on her orange-rimmed hat, it appears that the TikToker is an employee at a Vue theater location. The video appears to be filmed from an employee-only space, where @.no1headache sits eyeballing a screen displaying multiple views from a range of security cameras. The cameras appear to show the seating area of every theater in the cinema.

            • Project Panoptic has partnered with Amnesty International & Article 19 to launch #BanTheScan in India

              On November 10, 2021, Project Panoptic, partnering with Amnesty International and Article 19 launched the India edition of their global #BanTheScan campaign for Hyderabad. The city – one of the most surveilled cities in the world – has begun construction of an ominous ‘Command and Control Centre’ (CCC), intended to connect the state’s vast facial recognition-capable CCTV infrastructure in real time. In addition, Project Panoptic has found that Telangana state has the highest number of facial recognition technology (FRT) projects in India.

              “Hyderabad is on the brink of becoming a total surveillance city. It is almost impossible to walk down the street without risking exposure to facial recognition” said Matt Mahmoudi, Amnesty International’s AI and Big Data researcher. “In addition to CCTV, we are concerned that law enforcement’s practice of using tablets to stop, search and photograph civilians without charge could be used for facial recognition.”

              “Facial recognition technology can track who you are, where you go, what you do, and who you know. It threatens human rights including the right to privacy, and puts some of the most vulnerable in society at risk. The construction of the CCC has chilling consequences for the right to freedom of expression and assembly.” said Quinn McKew, Executive Director at ARTICLE 19.

    • Defence/Aggression

      • ‘The World Is Waiting’: Biden Urged to Reverse Trump Landmine Policy, Join Global Treaty

        As a benchmark report on worldwide landmine casualties showed a 21% increase in deaths and injuries in 2020, one of the paper’s editors on Wednesday renewed calls for the Biden administration to reverse a Trump-era policy allowing the U.S. to use anti-personnel mines and join 164 nations in adopting the historic Mine Ban Treaty.

        “To help prevent further landmine casualties, the United States should join the Mine Ban Treaty without delay.”

      • The US is Set to Make Nuclear War More Likely

        What this means, as explained in a new article in Popular Mechanics, is that the world’s most costly weapons program (at $1.7 trillion), a fifth-generation fighter, supposedly “invisible”  to radar (that actually cannot fight and is not invisible to advanced radars), now has a new mission to justify its existence and continued production:  dropping dial-able “tactical” nuclear weapons that can be as small as 0.3 kilotons or up to 50 kilotons in explosive power.

        Now 0.3 kilotons is “just” the equivalent of 300 tons of dynamite, which supposedly makes them “useable,” meaning not holocaust-causing (that is assuming that some country backing the targeted country doesn’t decide to respond in kind and we go up the escalation ladder quickly to ever bigger bombs. Meanwhile,  \ dialed up to its maximum 50-kiloton power each F35A bomb would be significantly more than twice as powerful as the nuclear bomb that leveled Nagasaki.

      • Reining in the Pentagon: Can It Really be Done?

        After all, in its consideration of the bill that authorizes such budget levels for next year, the Democratic-controlled House of Representatives recently voted to add $25 billion to the already staggering $750 billion the Biden administration requested for the Pentagon and related work on nuclear weapons at the Department of Energy. By any measure, that’s an astonishing figure, given that the request itself was already far higher than spending at the peaks of the Korean and Vietnam Wars or President Ronald Reagan’s military buildup of the 1980s.

        In any reasonable world, such a military budget should be considered both unaffordable and deeply unsuitable when it comes to addressing the true threats to this country’s “defense,” including cyberattacks, pandemics, and the devastationalready being wrought by climate change. Worst of all, providing a blank check to the military-industrial-congressional complex ensures the continued production of troubled weapon systems like Lockheed Martin’s exorbitantly expensive F-35 Joint Strike Fighter, which is typically behind schedule, far above projected costs, and still not considered effective in combat.

      • Belarus migrants: What routes do they use to reach Minsk?

        A recent BBC investigation found that a network of travel firms and smugglers, often using social media, are able to organise flights and visas for Belarus as part of a package deal.

      • How Britain Aids Saudi Massacres in Yemen, with Phil Miller
      • Ilhan Omar Is Working to Stop ‘Unacceptable’ $650 Million Weapons Sale to Saudi Arabia

        Congresswoman Ilhan Omar said Wednesday that she is working on legislation to stop a $650 million missile sale to Saudi Arabia that the U.S. State Department announced last week.

        Criticism of the weapons sale has mounted since the State Department notified Congress that it approved the deal, with anti-war activists and other progressives accusing the Biden administration of breaking promises and exacerbating the Saudi-led war in Yemen.

    • Transparency/Investigative Reporting

      • Digital Transparency: A Right to Information Report for October 2021

        Since our last report for the month of September, IFF has filed 49 RTI requests. Here, we give you an overview of the requests filed and an analysis of the responses we have received from the different public authorities. This report highlights why demanding transparency and accountability from government authorities is one of the key elements in our fight to protect digital rights.

      • IFF files a Writ Petition against MHA’s refusal to provide information on electronic surveillance orders issued under the IT Act

        We filed six RTI applications in December 2018 seeking information about Electronic Surveillance orders passed under Section 69 of the IT Act. The information was, at first, denied on the grounds of national security. Thereafter, on appeal, when the matter was remanded back, the information was denied on the new ground that records pertaining to the information sought were destroyed as per ‘extant’ provisions (without providing the provision). When we, further, appealed against this order in August 2021 before the Chief Information Commissioner (‘CIC’), we did not get any date for hearing which we understand is due to the huge case pendency and unfilled vacancies in the CIC, owing to which the matters are only being listed after two years of filing. Three years have passed since the filing of the RTI applications, and we apprehend that the information sought is being continuously destroyed during the pendency of the RTI proceedings. Therefore, we have approached the Delhi High Court to expedite the process and to seek information on Electronic Surveillance, which impacts the fundamental rights of all citizens of the country.

    • Environment

      • Campaigners Rip New COP26 Draft as a ‘Polite Request’ for Climate Action Amid Existential Crisis

        A new COP26 draft decision text unveiled Wednesday was roundly panned by climate campaigners as badly inadequate to the task of slashing global greenhouse gas emissions, which are pushing the planet toward a catastrophic 2.4°C of warming by the end of the century.

        “Negotiators shouldn’t even think about leaving this city until they’ve agreed to a deal that meets the moment.”

      • A Political Campaign Tool Adapted to Recruit Enviro Activists

        Local volunteer environmental groups, of all sizes from both the east and west coasts, developed a way to persuade their inactive members to become active volunteers.  The approach is a variation of the method political organizers use in most state and federal political campaigns to generate crowds at rallies, recruit teams to knock on doors and staff phone banks. Wilderness activists, who were also experienced political campaign managers, developed the procedure for environmental campaigns. In political campaigns, organizers recruit volunteers from lists of the party’s most motivated registered voters, but local environmental groups recruit them from their own membership lists.

        The secret is hidden in every organization’s membership list

      • “Nice” Isn’t Going to Save the Planet

        The reality is that climate activists spent decades politely asking for the world’s leaders to please act on this thing that is going to kill millions. They held respectful dialogue in respectable forums. They produced charts and came up with a plethora of acceptable solutions that, had they been enacted on a reasonable timescale, would not have posed a dramatic threat to the status quo. Over and over again, they met bad faith actors in good faith. And in response they were lied to, and saw little meaningful action. Is political corruption civil? Is it polite for a senator to risk dooming the planet before sailing off on the yacht he bought with the half a million dollars he earns every year from the fossil fuel industry?

      • “Nice” Isn’t Going to Save the Planet

        This column is part of Covering Climate Now, a global journalism collaboration cofounded by Columbia Journalism Review and The Nation to strengthen coverage of the climate story.

      • ‘We’re Several Days Late and Many Dollars Short in Getting Ahead of Climate Catastrophe’

        Janine Jackson interviewed Michael K. Dorsey about the climate summit for the November 5, 2021, episode of CounterSpin. This is a lightly edited transcript.

      • “A Process of Violence”: Indian Author Amitav Ghosh on How Colonialism Fueled the Climate Crisis

        As talks at the Glasgow U.N. climate summit accelerate, we look at how the roots of the climate crisis date back to Western colonialism with award-winning Indian author Amitav Ghosh, who examines the violent exploitation of human life and the natural environment in his new book, “The Nutmeg’s Curse: Parables for a Planet in Crisis.” Ghosh speaks about the political significance of fossil fuels in global politics, saying that “if fossil fuels were to be completely substituted at scale, what you would have is the complete inversion of the world’s geopolitical order.” Ghosh’s previous books include “The Great Derangement: Climate Change and the Unthinkable” and the novel “Gun Island.”

      • COP26 Paralysis: Climate Shame

        It is now sold as a luxury to see Antarctica, where passengers can walk offshore “on the sea ice to watch penguin chicks hatch, see the arrival of seal pups and humpback whales”, on cruises probably affordable because of offshore tax havens.

        The “Antarctica in Depth” Scenic Eclipse cruise starts from earlybird $19,701, and the Antarctica, South Georgia and Falkland Island earlybird $28,855. The “truly all-inclusive” provides each guest with private butler service, “immersive dining” and “private dégustation”, “separate sleep zone”, indulgent 5,920 sq ft Senses Spa, Scandinavian inspired outdoor vitality pools, and more.

      • The Global Climate Wall: Wealthy Nations Prioritize Militarizing Borders Over Climate Action

        The world’s richest countries have responded by militarizing their borders and treating the humanitarian crisis as a security issue. NATO Secretary General Jens Stoltenberg attended this year’s U.N. climate summit, marking the first time a top alliance leader came to the climate talks since they began. On Tuesday, U.S. House Speaker Nancy Pelosi at COP26 raised the issue of security during a press conference. “The richest countries are building a climate wall against the consequences of climate change rather than dealing with the causes and rather than providing the money that would enable people to stay,” says Nick Buxton, with the Transnational Institute and co-author of their new report, “Global Climate Wall: How the world’s wealthiest nations prioritise borders over climate action.” We also speak with Santra Denis, executive director of the Miami Workers Center, about the focus of the It Takes Roots grassroots delegation at COP26. She says that in order to protect frontline communities and workers, the U.S. should focus on investing in low-carbon and adaptation industries instead of border control.

      • This Will Set Africa on Fire: Nnimmo Bassey of Nigeria Blasts Progress of Talks at U.N. Climate Summit

        Today a draft agreement at COP26 was released, calling on nations to accelerate the phasing out of coal and fossil fuel subsidies and make pledges to cut emissions by the end of 2022. The draft also urges wealthy nations to “urgently scale-up” financial support for developing countries to help them adapt to the climate crisis. This comes as a new report by the group Climate Action Tracker estimates world temperatures are on track to rise by 2.4 degrees Celsius above preindustrial levels based on current pledges to cut emissions — far higher than the 1.5 degree goal set in the 2015 Paris Agreement. To discuss the latest developments at COP26, we speak with Nigerian environmental activist and poet Nnimmo Bassey. “There’s no force behind what’s being proposed,” says Bassey, who adds that the current trajectory of negotiations will have devastating effects on Africa. “That means setting the continent on fire. It is just sacrificing the continent.” Bassey also discusses the role of China in Africa and the impact of the climate crisis on the continent. He has attended climate summits for years but says this may be his last one.

      • As Average Temperatures Rise, Workers Will Finally Get Protection From Extreme Heat

        When Maria Pineda, who goes by Letty, arrived in Florida from El Salvador in 1994, she wasn’t documented and didn’t speak the language, so she didn’t have many employment options. She started working in agriculture, harvesting ferns to be sold to florists. She was paid by the piece, not by the hour. She needed the money. “No trabajas, no comes,” she said: You don’t work, you don’t eat. She made just enough to cover rent and her necessities.

      • Opinion | Beware the ‘Climate-Stupid Agriculture’ of Bill Gates and His Allies

        As world leaders wrap up the UN Climate Summit in Glasgow, new scientific research shows that there is still a great deal of magical thinking about the contribution of fertilizer to global warming.

      • Opinion | Who Is the World’s Greatest Climate Champion? (Hint: Not the United States)

        This story is part of Covering Climate Now, a global journalism collaboration strengthening coverage of the climate story.

      • Chinese Fossil Fuel Investments in Africa

        Many African governments seek Chinese assistance through the Belt and Road Initiative (BRI) to bridge the continent’s infrastructure gap, while China in turn seeks access to a number of key strategic resources, including fossil fuels, minerals, and also access largely untapped markets. In addition to being rich in natural resources, some African countries attract Chinese interest because of relatively cheap labor, poor governance, and lax environmental standards. In 2017, McKinsey reported that more than 10,000 Chinese companies are likely operating throughout Africa.

        The amount of money involved is staggering. According to a 2021 report from the Shanghai University of International Business and Economics, China has since 2000 invested a total of $47 billion throughout Africa (in 52 out of 54 countries), with new investments adding up to $2.96 billion in 2020 (an increase of over $200 million from the previous year). The vast majority of Chinese investment—87 percent—has been concentrated in four sectors: energy, transport, metals, and real estate. China’s Export-Import Bank provides much of the financing for infrastructure projects in Africa, but a number of commercial banks have also established branches throughout the continent.

      • Climate Coalition Demands Biden Halt ‘Outrageous’ Offshore Drilling Auction—Largest in US History

        As the Biden administration prepares to auction off more than 80 million acres in the Gulf of Mexico for fossil fuel extraction, over 250 advocacy groups published an open letter on Wednesday imploring U.S. President Joe Biden to cancel the sale and fulfill his promises of bold climate action.

        “Aside from breaking a campaign promise to ban new oil and gas leasing on public lands and waters, the Biden administration also violated federal law in deciding to open more of the Gulf to offshore drilling.”

      • Opinion | For Rich Countries to Honor Their Climate Debt, We Must Better Tax Multinationals

        For once, most of the debtors are not in Africa, but in the North. I am not talking money, but about climate debt, as natural disasters are multiplying and the fight against climate change has become an existential issue. Since industrialized countries have used the available atmospheric space to develop and get rich by exploiting fossil fuels, the United Nations Climate Change Conference (COP26)—that is coming to end in Glasgow right now—must be an opportunity to recognize this climate debt to Africa, and to developing countries in general, and to honor it.

      • Petition From 14 Youth Leaders Says UN Must ‘Declare a Systemwide Climate Emergency’

        A group of 14 youth climate leaders including Swedish activist Greta Thunberg filed a legal petition on Wednesday imploring the United Nations to “declare a systemwide climate emergency,” a push that came amid growing anger over the milquetoast pledges emerging from the COP26 summit.

        “The United Nations connects the entire world together, and we need global action on the climate crisis.”

      • In COP26 Speech, Climate Justice Leader Vows Global Movement ‘Will Change History’

        Declaring that “it is ordinary people who change history,” climate and social justice campaigner Asad Rehman on Wednesday gave a brief but searing indictment of rich nations that are “deliberately sacrificing the poor for profit.”

        Rehman, executive director of anti-poverty group War on Want and a spokesperson for the climate justice COP26 Coalition, delivered the remarks at a high-level segment of the United Nations Climate Change Conference underway in Glasgow, Scotland.

      • ‘A Welcome Step Forward’: Climate Groups Cautiously Greet New US-China Pledge

        Campaigners at global advocacy groups on Wednesday welcomed a surprise joint statement from the U.S. and Chinese governments about “enhancing climate action in the 2020s” while also calling on both countries to actually deliver on their promises.

        “It’s always welcome news when the world’s two biggest emitters cooperate on climate change.”

      • Energy

        • Climate Denial Campaigner Attempts to Discredit COP26 With False Diesel Power Claims

          The head of policy at the UK’s principal climate science denial group has been criticised for spreading false rumours about the use of diesel-powered generators at COP26, with environmental experts branding his viral tweet “desperate”.

          Harry Wilkinson, one of several climate science deniers at the Glasgow summit, suggested that the conference was relying on polluting diesel generators in an effort to highlight the supposed hypocrisy of the event.

        • [Cryptocurrency] criminals are blackmailing Instagram users into swindling friends

          The technique is chronicled in a report by Motherboard. There are a few variations, but it essentially boils down to three steps. First, a malefactor gets ahold of an Instagram user’s account information, either via sending a phishing link with a fake login page or by finding a reused password from one of the near-constant security breaches already available. Then the thief contacts the account holder and forces them to record a video of themselves, recommending their followers invest money with “a friend.” The video claims that you can quickly triple your investment via Bitcoin or other get-rich-quick schemes. The criminal promises to return control of the account to its rightful owner upon completion. The victim posts the coerced video with a payment link, their followers are swindled out of huge sums of money via cryptocurrency or purchases or simple money transfers, and the criminal disappears — generally without returning the Instagram account.

        • Hostage-Style Bitcoin Scam Videos Are Spreading Across Instagram

          The news follows Motherboard reporting last week on how a scammer forced one victim to film a video with the promise of getting their money back after sending the fraudster Bitcoin. After filming the video, however, the scammer broke into the victim’s Instagram account and sent the video to their friends and posted it from their profile to try and scam others. After we published the story, more Instagram users got in touch with Motherboard saying they’ve been [cracked] and forced to shoot similar videos, indicating the issue appears to be more widespread on the social network with victims describing personal, professional, reputational, and financial damage. Multiple victims also complained about the troublesome Instagram account recovery process and the lack of direct communication from the company.

      • Wildlife/Nature

    • Finance

      • Predators With Badges

        Undeniably, the blowback from COVID-19 lockdowns and mandates continues to reverberate around the country, impacting the nation’s struggling workplaces, choking the economy and justifying all manner of authoritarian tyrannies being inflicted on the populace by state and federal governments.

        Yet while it is easy to be distracted by political theater, distressed by the COVID-19 pandemic, and divided over authoritarian lockdowns and mandates, there are still darker forces afoot that cannot—should not—must not be ignored.

      • The Latest Version Of Congress’s Anti-Algorithm Bill Is Based On Two Separate Debunked Myths & A Misunderstanding Of How Things Work

        It’s kind of crazy how many regulatory proposals we see appear to be based on myths and moral panics. The latest, just introduced is the House version of the Filter Bubble Transparency Act, which is the companion bill to the Senate bill of the same name. Both bills are “bipartisan,” which makes it worse, not better. The Senate version was introduced by Senator John Thune, and co-sponsored by a bevy of anti-tech grandstanding Senators: Richard Blumenthal, Jerry Moran, Marsha Blackburn, Brian Schatz, and Mark Warner. The House version was introduced by Ken Buck, and co-sponsored by David Cicilline, Lori Trahan, and Burgess Owens.

      • CBO’s Exclusion of IRS Boost Could Help Right-Wing Dems Tank Biden Agenda

        The Build Back Better Act includes increased funding for Internal Revenue Service enforcement, which the Biden administration has taken into account when saying that the legislation will raise enough money to fully offset spending, but the Congressional Budget Office is expected to omit the projected boost in tax collection from its forthcoming estimate of the fiscal impact of the 10-year, $1.75 trillion social infrastructure and climate package.

        The exclusion could be significant because the more transformative part of President Joe Biden’s legislative agenda has been put in jeopardy by five right-wing House Democrats who last week made their support for the Build Back Better (BBB) Act contingent on receiving fiscal information from the CBO that matches existing estimates provided by the White House.

      • GOP Billionaire to Hold Fundraiser for ‘Great American’ Joe Manchin

        “When billionaires take over our elections, we get a country that bends to their will.”

      • What’s Really Driving Inflation? Corporate Power

        If markets were competitive, companies would seek to keep their prices down in order to maintain customer loyalty and demand. When the prices of their supplies rose, they’d cut their profits before they raised prices to their customers, for fear that otherwise a competitor would grab those customers away.  

      • Green Jobs Shouldn’t Leave Black and Brown Workers Behind

        The climate crisis is here—the historic wildfires that swept the West and New York City’s deadly flooding are just some of the weather disasters that hit nearly one in three Americans over the summer. Though the federal government finally seems on the verge of partially confronting climate change through Congress’s infrastructure and reconciliation bills, these solutions are incomplete.

      • News Alert: Dads Have a Role to Play in the Paid-Leave Fight, Too

        There is a perception that paid parental leave is a “women’s” issue. We see that perception from Republicans when they ridicule Transportation Secretary Pete Buttigieg for taking time off to welcome his new babies, but we also see it from Democrats when they scramble to put paid leave back into their spending bill (which never should have been taken out in the first place) only after advocates go ballistic and their party gets curb-stomped by white women in Virginia. The conventional wisdom is that paid parental leave (which is still simply called “maternity leave” by people who take pride in not learning new words) is primarily a social benefit to women.

    • AstroTurf/Lobbying/Politics

      • Give Capital What It Wants…or Else

        Two seemingly separate news stories are darkly and intimately related to each other in ways that you will not see intelligently discussed on “Meet the Press” or “Washington Week.”

        The first story is the fascist ogre Donald Trump continuing to run free and menace the nation even after having been impeached twice during a white-supremacist presidency that included:

      • Who Is Really Surprised the Democrats Got Their Ass Kicked?

        The Democrats took the U.S. Presidency, Senate, and House in 2020 (with HUGE support for the National AFL-CIO) largely promising to move forward an expansive, progressive, pro-Union agenda. They, as a Party, claimed to support the PRO Act, livable wages, paid family medical leave, free public college, student loan forgiveness, protection of voting rights, tax increases on the rich (not working people), and major environmental action. And, now, a year later, what have we achieved? The answer, beyond the temporary child tax credit, is VERY LITTLE.

        And here, lets be honest…The PRO Act (which is a transformational pro-Labor bill that seeks to right the power imbalance between workers and bosses) is DEAD. Comprehensive voting rights looks dead. The 6 trillion social spending bill has been eviscerated down to under two trillion and now amounts to a universal pre-K bill (with a few good but limited other priorities tucked in), and even this modest bill’s fate still seems in question. And, while the infrastructure bill (also greatly reduced from its original scope) will likely pass (eventually), in isolation, it’s far too little too late. And, if this infrastructure bill is all that passes, it will be impossible to argue that the first year of Democratic Party rule has been anything other than an abject failure and disappointment for Unions, working-class people, progressives, and those National AFL-CIO officers who put all our eggs in the basket of the Democratic Party.

      • Opinion | Putting India Walton’s Campaign for Mayor of Buffalo in Context

        India Walton—the progressive, working class, 39-year-old, Black mother-of-four who stunned Buffalo’s Democratic establishment with her June 2021 upset win in the Mayoral Primary Election—appears to have lost her bid to become the city’s Chief Executive. As of this writing, she’s received 41% of the General Election vote, with unnamed write-in candidates (but, presumably, Primary loser and 16-year-incumbent, Byron Brown) winning the remaining 59% of ballots cast. 

      • GOP Strategy: Tell Bigger and Crazier Lies to energize voter turnout

        Many moderate democrats were also on board with placing the blame on the W-word. “What went wrong is just stupid wokeness,” said political strategist James Carvell.

        But progressives weren’t so sure wokeness was to blame. Rep. Alexandria Ocasio-Cortez suggested the results show the limits of trying to run a super moderate campaign that does not “excite, speak to or energize a progressive base.”

      • ‘Tip of the Iceberg’: Report Warns Michigan GOP Ploy Could Shutter 20% of Polling Places

        If successful, a Republican-backed petition initiative in Michigan could result in the closure of one in five polling locations across the crucial battleground state, potentially creating harmful new barriers to ballot access and disenfranchising voters.

        That’s according to a report published Wednesday by the local advocacy group Progress Michigan, which warned that the election law changes proposed by the Secure MI Vote initiative would “make it harder for Michiganders to vote and make the job of administering elections more difficult for local clerks.”

      • Succession’s Repetition Compulsion

        HBO’s Succession is a show about four siblings trying to decide whether or not to kill their dad. Justly celebrated for its savvy casting, evocative score, clever writing, luxurious (if claustrophobic) set design, and crafty (if rarely beautiful) cinematography, Succession—which returned for a third season this fall—has nonetheless been fueled primarily by this perpetual oedipal edging: Will they? Won’t they? Can they?

      • Destroy Filibuster to Lift Up ‘Your Limp Democracy’: Spoof Ad Demands End to Electile Dysfunction
      • Opinion | Democrats Must Evolve Their Voter Communications Strategy

        “I got a call from Bill Clinton!” my grandmother informed me one day many years ago, thrilled that the president of the United States had taken time out of his busy schedule to call her. But he hadn’t. Instead, it was her first encounter with an exciting new technology—robocalls—which were used to remind voters to get out and cast a ballot. Wow, did she kvell about this experience and tell all her friends to go vote for her friend Bill. 

      • Opinion | Found in Translation: New York Times Says Democrats Shouldn’t Challenge Oligarchy

        A few days after the Nov. 2 election, the New York Times published a vehement editorial calling for the Democratic Party to adopt “moderate” positions and avoid seeking “progressive policies at the expense of bipartisan ideas.” It was a statement by the Times editorial board, which the newspaper describes as “a group of opinion journalists whose views are informed by expertise, research, debate and certain longstanding values.”

      • Here’s How the Democrats Can Win Back Rural Voters

        No matter how much you try to dress it up, last week’s election results make it clear that Democrats have a rural problem. The failure to even seriously contest—let alone win—statehouses and congressional seats over so much of the electoral map leaves the party perpetually behind. Our party has relied on suburban moms and black women to save the day repeatedly. They have capes—don’t get me wrong—but they also need a coalition of voters to step up to save democracy alongside them.

      • Howie was on The Public Press on 11/9/21.

        Today I am joined by lifelong activist and 2020 presidential candidate from the Green Party, Howie Hawkins, to discuss important topics from ways we can go about strengthening our democracy and its relevance towards passing a pro-worker agenda, to Biden and the Democrats failing the working people of this country in favor of serving their wealthy donors. Additionally, any comments made from our audience during the livestream may be considered in the program’s conversation.

      • Former top officials warn democracy in ‘jeopardy’ without Congressional action on election security

        A bipartisan group of almost 100 former national security officials is urging Congress to take steps to secure elections ahead of next year, warning that without action, the nation’s democratic institutions are in “severe jeopardy.”

        “We write to express our alarm at ongoing efforts to destabilize and subvert our elections, both through active disinformation campaigns and the related efforts to inject partisan interference into our professionally administered election process,” the officials wrote in an open letter published Tuesday. “We believe these efforts are profoundly damaging to our national security, including by making our elections more vulnerable to foreign interference and possible manipulation.”

        “We call on Congress to confront these threats and safeguard our democratic process as we look ahead to the 2022 elections and beyond,” they wrote.

      • Civil liability – adapting liability rules to the digital age and artificial intelligence

        Section I of this consultation concerns the Product Liability Directive. Since 1985, this Directive has provided a harmonised system for compensating consumers who suffer damage from defective products. The Directive applies to all movable products regardless of the technology they use, and therefore also applies to AI-driven products.

        However, the evaluation found that it was difficult to apply the Directive to products in the digital and circular economy because of its outdated concepts. It also found that it was difficult for consumers to get compensation, especially when it comes to proving that complex products were defective and caused the damage.

        Section II of this consultation specifically concerns AI. The Commission’s objective is to encourage the development and roll-out of safe AI systems and build trust amongst potential users. In order to address risks to safety and fundamental rights, the Commission has proposed harmonised rules for the development, placing on the market and use of certain AI systems (AI Act) and further changes to safety legislation (e.g. proposal for a Machinery Products Regulation). As a next step, the Product Liability Directive and national liability rules may also need to be adapted. In the second part of this consultation, the problems linked to certain types of AI – which make it difficult to identify the potentially liable person, to prove that person’s fault or to prove the defect of a product and the causal link with the damage – are explored further.

    • Misinformation/Disinformation

      • Cyber agency beefing up disinformation, misinformation team

        Easterly noted that earlier this week she had a meeting with “six of the nation’s experts” in the disinformation and misinformation space. She stressed her concerns around this being a top threat for CISA, which is charged with securing critical infrastructure, to confront.

        “One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important,” Easterly said.

    • Censorship/Free Speech

      • Content Moderation Case Study: Electric Truck Company Uses Copyright Claims To Hide Criticism (2020)

        Summary: There are many content moderation challenges that companies face, but complications arise when users or companies try to make use of copyright law as a tool to block criticism. In the US, the laws around content that allegedly infringes on a copyright holder’s rights are different than most other types of content, and that creates some interesting challenges in the content moderation space.

      • John Cleese Pulls Out of Cambridge Union Talk Over ‘Woke Rules,’ ‘Monty Python’ Hitler Impersonation

        Celebrated “Monty Python” and “A Fish Called Wanda” actor and writer John Cleese has pulled out of an upcoming talk at the Cambridge Union on Friday, citing concerns over “woke rules” and an Adolf Hitler impersonation he had famously done on the “Fawlty Towers” series decades ago.

        Cleese, who is a Cambridge alumnus, was responding to a decision by the Union, which is a debating society, to blacklist art historian Andrew Graham-Dixon. The historian had performed a mock impression of Hitler ranting, during a debate last week on art and good taste at the Union. Subsequently, Union president Keir Bradwell informed members that Graham-Dixon was banned from speaking there.

    • Freedom of Information/Freedom of the Press

      • What happens when the news desert is in your own backyard?

        Apologies for a little extra localism here at Nieman Lab dot org today. But our hometown of Cambridge, Mass., has become a noteworthy example of a phenomenon happening nationwide: the hollowing out of local news.

        Cambridge is home to the oldest weekly newspaper in the United States, the Cambridge Chronicle. It’s been the running record of the city since 1846. But that record has gotten sparser and sparser as the Chronicle’s staff has dwindled. For the past few years, there’s been only one journalist working there: editor Amy Saltzman. And now she’s gone too.

    • Civil Rights/Policing

      • Senate Democrats Call On Biden to Pardon All Federal Nonviolent Marijuana Offenders

        Blasting “over a century of failed and racist cannabis policies,” a trio of progressive U.S. senators on Tuesday urged President Joe Biden to use his executive authority to issue a blanket pardon for all nonviolent federal marijuana offenses.

        Along with laying out how “America’s cannabis policies have punished Black and Brown communities for too long,” the letter from Sens. Elizabeth Warren (D-Mass.), Ed Markey (D-Mass.), and Jeff Merkley (D-Ore.) highlights that such laws “are increasingly out of step” with public opinion.

      • Human Rights Coalition Petitions UN to Probe Discriminatory Vaccine Hoarding by Rich Nations

        A global coalition is accusing nations including the U.S. and U.K. of violating international human rights law through actions contributing to a discriminatory Covid-19 vaccine rollout and has filed an appeal at the United Nations to ensure human lives have priority over corporations’ intellectual property protections.

        “Governments must fulfill their international obligations and help prioritize people over profits by ensuring vaccine equity for all.”

      • “The Worst Prison in New York State”

        Conditions in New York City jails have reached a boiling point, prompting day-long hearings, national media attention, and renewed calls for the Rikers Island jail complex to be shuttered. The jails have seen spikes in violence, deaths, suicides, and suicide attempts, heat waves without adequate cooling, and reduced access to basic services including medical and mental health care. This story was published in partnership with New York Focus, an independent, investigative news site covering New York state and city politics. Sign up for their newsletter here.

      • Xenophobic Attitudes in France, Sweden, Germany, and Poland

        As so often in our culture, the concept of Xenophobia pre-dates those dim Germans sitting in their equally dim forests when Romans appeared. Xenophobia originates in Greek ξένος or xénos. It indicates strange, foreign, and alien and is combined with phóbos or fear.

        It is the fear and hatred of that which is perceived to be foreign and strange. Right-wing xenophobia thrives on setting the in-group against the out-group. In that, xenophobia is highly suitable when conjuring up a fear of losing national and racial identity. German Neo-Nazis will never stop engineering xenophobia because it supports the ideology of pure race found in their hallucination of an antisemitic Volksgemeinschaft.

      • It’s in the Air
      • Missouri Admits It Fucked Up In Exposing Teacher Data, Offers Apology To Teachers — But Not To Journalists It Falsely Accused Of Hacking

        As you’ll recall, last month, journalists for the St. Louis Post-Dispatch revealed that the state’s Department of Elementary and Secondary Education (DESE) website was exposing teacher and administrator social security numbers in the HTML source code. This came years after state auditors had highlighted that DESE was already collecting information it should not have been collecting. Bizarrely, DESE and Missouri governor Mike Parson, rather than thanking these journalists for helping to protect the teachers, accused them of being hackers and promising to prosecute them. After people mocked him, he doubled down on the claim and a PAC closely connected to Parson put out a bizarre add playing up the evil “hacking” by the “fake news” media, along with ridiculous talk about “decoding the HTML source code.”

      • Senators Call for Federal Investigation Into Liberty University’s Handling of Sexual Assaults. School Promises Independent Probe.

        Citing possible violations of federal law, three senators, including the two from Virginia, are pressing the U.S. Department of Education to investigate Liberty University’s handling of sexual assault claims.

        Liberty’s board also voted Friday to open an “independent and comprehensive review” of the school office tasked with handling discrimination and abuse.

      • Remembering Elliot Harmon, 1981-2021
      • Uber discriminates against people with disabilities, new DOJ lawsuit alleges

        According to the Justice Department, Uber instituted a wait time fee in a number of cities starting in April 2016, eventually expanding the policy nationwide. Passengers would incur the fee two minutes after their Uber car arrives at their pickup location and were charged until the car begins its trip. Passengers with disabilities, such as those who use a wheelchair or a walker, often need more time to get into the car than passengers without disabilities.

      • Uber sued by Justice Department for overcharging disabled people

        It is not the first time that Uber has found itself in hot water over disability issues.

      • Wolt’s couriers are employees, rules authority; Wolt to defy ruling

        Wolt said the ruling was expected, announcing its intent to appeal against it. It pointed out that more than 70 per cent of its couriers value the freedom of entrepreneurship over the security of a formal employment relationship, estimating that it would only be able to have slightly over 2,000 of its almost 5,000 couriers on its payroll if employment contracts were required to perform the work.

      • DoorDash shares surge on news it is buying Finnish food-delivery company Wolt in $8 billion deal

        During the company’s third-quarter earnings call Tuesday, DoorDash Chief Executive Tony Xu said Wolt, which has more than 4,000 employees, has built “a remarkable business” that has become a leading local commerce-delivery platform across 23 countries, 22 of which would be new to DoorDash. Wolt delivers from restaurants and 14 other categories, including grocery.

      • DoorDash to charge up growth with $8 billion deal for Europe’s Wolt

        Nearly two-thirds of Wolt’s gross order value, a metric totaling value of all orders and subscription fees, brings in positive contribution profit, DoorDash said, adding it would not share further details.

    • Internet Policy/Net Neutrality

      • Infrastructure Bill Is Great For Broadband, But Still Ignores The Real Problem (Monopolies & Corruption)

        After months of intense wrangling, the Biden administration’s infrastructure bill has finally made it through Congress, delivering a massive injection of much-needed funds to an absurdly overlooked part of the economy. You might recall the broadband component of the bill saw its overall price tag cut from $100 billion to $65 billion. There were several other changes made at the request of the telecom lobby, such as a slower speed definition standard and the elimination of language to help community broadband. But it’s still the biggest U.S. broadband investment on record, and filled with a lot of great things.

    • Digital Restrictions (DRM)

      • Apple Faces Yet More ‘Right To Repair’ Backlash Over iPhone 13 Screen

        Apple has never looked too kindly upon users actually repairing their own devices. The company’s ham-fisted efforts to shut down, sue, or otherwise imperil third-party repair shops are legendary. As are the company’s efforts to force recycling shops to shred Apple products (so they can’t be refurbished and re-used), and Apple’s often comical attacks on “right to repair” legislation, a push that only sprung up after companies like Apple, Microsoft, Sony, John Deere, and others created a grass-roots counter-movement via their attempts to monopolize repair.

    • Monopolies


        “Bill Gates ordered to all application business units to include checking routines of operating environments and if it is Microsoft DOS, nothing will happen. But if it is non MS-DOS (such as DR-DOS), application will display messages saying that ‘This application has been developed and tested for Microsoft MS-DOS. Since you use different environment, this application may not work correctly . . .’ ”

      • Patents

        • $2,000 for Jeffrey M. Gross entity Onscreen Dynamics prior art

          On October 4, 2021, Unified Patents added a new PATROLL contest, with a $2,000 cash prize, seeking prior art on at least claim 1 of U.S. Patent 9,645,663. The patent is owned by Onscreen Dynamics LLC, a Jeffrey M. Gross entity. The ’663 patent relates to an electronic device with a touchscreen display comprising of an active touchscreen region and a virtual bezel area. The patent has been asserted against Tesla, BMW, Mercedes, Volvo, Pioneer, Partner Tech, Getac Technology, EMBROSS, Sharp, AsusTek, Samsung, and LG.

        • Software Patents

          • B# On Demand patent held invalid

            On November 10, 2021, the Patent Trial and Appeal Board (PTAB) issued a final written decision in Unified Patents, LLC v. B# On Demand, LLC holding all challenged claims of U.S. Patent 9,553,880 invalid. Owned and asserted by B# On Demand, LLC, an NPE, the ’880 patent discloses a system that transmits a catalog of electronic files to a requesting user, sets up customer accounts, processes payments from customers to establish file access authorizations, and enables transmission of user-selected files to customers. It had been asserted against Spotify.

      • Trademarks

        • Basmati rice’s EU trade mark application raises questions about Brexit and oppositions on the basis of UK law

          A few weeks back, this Kat wrote an article about a case which relied on the UK law of passing off in a UK trade mark infringement claim. This time, we have a look at a case which relied on UK passing off to oppose an EU trade mark application under Article 8(4) EUTMR. With the case revolving around basmati rice, and a bit of Brexit to sweeten the deal, let’s see what happened.


          The relevant UK provision (section 5(4) of the Trade Mark Act 1994) provides that a trade mark shall not be registered where its use can be prevented by virtue of any law (in particular, the law of passing off) that protects a non-registered trade mark or other sign used in the course of trade. The applicant relied upon the ‘extended’ form of passing off (referred to in Chocosuisse Union des fabricants suisses de chocolat & Ors v Cadbury Ltd. [1999] EWCA Civ 856), which enables several traders to have rights over a sign which has acquired a reputation on the market (and whereby – as per the UK law of passing off – such notional use by another has constituted a misrepresentation, and damage was caused).

          The BoA had previously found that, whilst there was reputation giving rise to goodwill, a likelihood of misrepresentation could not be established on the basis of the contested goods and use of the mark applied for could not cause direct loss to the applicant as it was not likely to cause a direct loss of sales.

      • Copyrights

        • Gasp! YouTube Shutters Account For Person Committing DMCA Takedown Fraud!

          It should come as no surprise to regular Techdirt readers that the DMCA takedown process is not only wide open to fraud and abuse, but that those avenues are regularly used in real life for just those purposes. Takedowns to silence criticism, takedowns to try to steal traffic from others, or takedowns or monetization claims just to get some paltry amounts of streaming revenue: the point is that this shit happens all the time. What absolutely does not happen with any frequency is the folks behind these bogus actions getting punished in any way for their behavior.

        • Criminal Copyright Complaint Filed Against BitTorrent Seedbox Provider

          Three seedbox providers have announced that they will block their users from sharing on at least three named trackers. While one appears to have decided to act voluntarily, TorrentFreak is informed that a company operating under two brands is now being investigated for criminal copyright infringement.

        • The Pirate Bay Story Will Be Turned Into a TV Series

          The Pirate Bay’s turbulent history will be turned into a six-part TV drama. The Swedish production is scheduled to start filming next year and will be aired by public broadcaster SVT. The makers will base their story on input from various insiders but the site’s founders are not part of the crew. Instead, Pirate Bay co-founder Peter Sunde informs us that he’s working on his own film project about the site.


Links 10/11/2021: Release of RHEL 8.5, Valve Delays Steam Deck, Sailfish OS 4.3 Released

Posted in News Roundup at 7:55 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Sick of Windows? How to test-drive Linux

        Linux is an operating system, similar to the one you use on your Windows and Apple computers. It runs software and allows you to access the various peripherals (printers, speakers, mice, keyboards, SD card readers, etc.) you attach to the system. Without an operating system, your computer would be of no use to you

        You may or may not have ever heard about Linux and that’s OK; either way, you’re in for a treat. Why? Because many of the headaches you have to deal with, when using Windows, won’t be an issue with Linux. Those surprise reboots to apply upgrades? Nope. The constant fear of malware or ransomware? Not on Linux. Costly software? Not an issue.

      • Christopher Davis: System76: A Case Study on How Not To Collaborate With Upstream

        Preface: the following post was written in the context of the events that happened in September. Some time has passed, and I held off on publishing in the hopes we could reach a happy ending with System76. As time has passed, that hope has faded. Attempts to reach out to System76 have not been productive, and I feel we’ve let the impression they’ve given the wider tech community about GNOME sit for far too long. Some things have changed since I originally wrote the post, so some bits have been removed.

        Recently there’s been some heated discussion regarding GNOME’s future. This has led to a lot of fear, uncertainty, and doubt being spread about GNOME, as well as attacks and hostility toward GNOME as a whole and toward individual contributors. This largely started due to the actions of one company’s employees in particular: System76.

        This is not the first time System76 has been at the center of a public conflict with the GNOME community, nor is it the first time it was handled poorly. At this point, I no longer feel comfortable working with System76 without some sort of acknowledgment and apology for their poor behavior, and a promise that this won’t happen again.

        You might be thinking: what sort of behavior are you talking about? What has System76 done to deserve this treatment? Well, it’s not any one incident – it’s a pattern of behavior that’s repeated multiple times over the past few years. I’ll share incidents I know of from the past, what their behavior has been like in the present, and my own thoughts on the future.

      • System76 accused of not collaborating with GNOME • The Register

        A core member of the GNOME team has accused System76 of being “a case study on how not to collaborate with upstream” following confirmation that the Linux PC vendor is working on a new desktop built with Rust.

      • The Framework Laptop Is Great For A Linux-Friendly, Upgradeable/Modular Laptop [Ed: Now Larabel... is this an ad?]

        While many Linux users were excited years ago around EOMA68 and in part the possibility of an open, upgradeable laptop design, it has yet to ship and looking like it never will — not to mention being very outdated specifications by today’s standards. Entirely unrelated to that prior upgradeable hardware effort but continuing in similar goals is The Framework Laptop. The Framework Laptop is a thin, upgradeable notebook that is Linux-friendly and allows the user to easily upgrade their own components. I was testing The Framework Laptop for a while and from the hardware perspective is a very nice device and running well under Linux.

    • Audiocasts/Shows

    • Kernel Space

      • OpenZFS 3.0 Could See macOS Support & DirectIO, While ZFS For Windows Continues – Phoronix

        The annual OpenZFS Developer Summit wrapped up yesterday with interesting talks on this open-source, cross-platform ZFS file-system implementation.

        ZFS co-creator Matt Ahrens kicked things off as usual, including touching on future work and possible expectations for OpenZFS 3.0. Given the annual major release cadence, OpenZFS 3.0 is up next for the project that currently has support for Linux and FreeBSD systems. Some of the possible features expressed for OpenZFS 3.0 include macOS support, DirectIO, RAIDZ expansion, Linux namespaces, ZFS on object store, FIEMAP, VDEV properties, async DMU, and more. We’ll see though next year ultimately what pans out for the next ZFS release.

      • DirectIO For OpenZFS Shows Very Promising Performance – Phoronix

        Running the past two days was the annual OpenZFS Developer Summit. One of the most interesting presentations from this virtual event was on the status of DirectIO (O_DIRECT) support for the OpenZFS file-system and the performance boost it can offer in relevant areas.

        Brian Atkinson of the Los Alamos National Laboratory presented at the developer summit around the DirectIO support for OpenZFS. The work ultimately boils down to the DirectIO merge request open for OpenZFS since February 2020. This support aims to allow bypassing ZFS’ ARC when issuing reads/writes with a particular focus on improving the performance for Zpools on NVMe solid-state drives as well as other cases where ARC just gets in the way.

      • Kernel 5.10.78 with legacy framebuffers

        I am having success with fixing Firefox, will post about that later. For now want to document a little experiment; the linux kernel configured to use efifb and vesafb.

      • Where Rust fits into Linux • The Register

        Opinion To become a Linux developer, you used to need C as your passport. Now Rust can let you be an OS programmer as well.

        The joke goes: “C combines the power and performance of assembly language with the flexibility and ease-of-use of assembly language.” Having programmed in both C and IBM 360 Assembler – it was a long time ago, OK – there’s something to that. Because of its power, performance, and portability, C became the operating system language of choice, including, of course, Linux.

      • Improved Retpoline Code In The Linux 5.16 Kernel – Phoronix

        Merged last week into the Linux 5.16 kernel is improved Retpoline “return trampoline” code.

        Phoronix readers should be very familiar with Retpolines by now as being used for Spectre Variant Two mitigations. This improved Retpoline code in Linux 5.16 as part of the “objtool/core” changes rewrites Retpolines to indirect instructions in situations where Retpolines are not enabled. There is also a change for rewriting an indirect LFENCE for the AMD handling. The x86 BPF code is also better handled around its Retpoline behavior.

      • Kernel 5.15: A small but mighty Halloween release

        It might be smaller than the last few kernels, but with well above 10,000 non-merge changes, the latest Linux kernel still packs a punch. Released on October 31, kernel 5.15 brings lots of exciting new features. For example, ksmbd has been merged, which provides a simple SMB3 server implementation, and a potential user for the case sensitive filesystem support code Gabriel upstreamed in the 5.2 kernel. Another noteworthy highlight is the real-time preemption locking code, which finally hit mainline after 17 years! Meanwhile, in the embedded space, we expect to soon see processors hitting the market that have CPU cores with asymmetric behaviour (e.g. some cores only support 64 bit and some cores only supporting 32 bit). Scheduling a 64 bit task on a 32 bit CPU core would be fatal and the new scheduler will avoid this thanks to Arm.

        As usual, our Collabora engineers haven’t been slacking either, so let’s have a look at their contributions to this kernel release.

      • Graphics Stack

        • Mike Blumenkrantz: Inline 2.0

          In the course of working on more CI-related things for zink, I came across a series of troublesome tests (KHR-GL46.geometry_shader.rendering.rendering.triangles_*) that triggered a severe performance issue. Specifically, the LLVM optimizer spends absolute ages trying to optimize ubershaders like this one used in the tests:

        • Mesa 22.0 Zink Speeds Up OpenGL-Over-Vulkan On CPUs – Phoronix

          While there is already LLVMpipe Gallium3D for software acceleration of OpenGL on CPUs within Mesa, if wanting to increase the layers of abstraction you could also use Zink for OpenGL over Vulkan and by way of Lavapipe have that software accelerated on the CPU. With Mesa 22.0-devel, that route of Zink on CPUs is now faster.

        • NVIDIA 470.86 Linux Driver Released With VRR/G-SYNC Fix – Phoronix

          While since the end of October there has been NVIDIA 495.44 as the stable 495 series driver beta for Linux users, out today is their v470.86 release for those using that older long-term support branch.

          The NVIDIA 495 driver series is being treated as their new feature branch series with GBM API support and other additions while the NVIDIA 470 driver series continues to serve as their production branch version.

          Today’s NVIDIA 470.86 driver release is a small one adding a new NVIDIA driver installer option and fixing a VRR/G-SYNC regression/. The variable refresh rate regression prevented DisplayPort and HDMI 2.1 VRR/G-SYNC compatible monitors from functioning correctly in the VRR mode. This yielded flickering and other problems but should now be cleared up with the NVIDIA 470.86 Linux driver.

    • Instructionals/Technical

      • How to Install Zoom on Ubuntu (the Easiest Way)

        Zoom works perfectly on Linux and supports variants of Linux distros. Here I will show you the simplest way to install Zoom client on Ubuntu.

        Zoom is a popular video conferencing software available for multiple operating systems including Linux. It has become a go-to software for hosting webinars, creating conference rooms, and organizing online meetings.

        Installing Zoom on Linux is as easy as installing it on Windows. Here’s a step-by-step guide how to do it easily and quickly.

      • Neil Williams: LetsEncrypt with Apache, Gunicorn and Debian Bullseye

        Upgrading an old codebase from Python2 on Buster to Python3 ready for Bullseye and from Django1 to Django2 (prepared for Django3). Everything is fine at this stage – the Django test server is happy with HTTP and it gives enough support to do the actual code changes to get to Python3. All well and good so far. The main purpose of this particular code was to support payments, so a chunk of the testing cannot be done without HTTPS, which is where things got awkward.

        This particular service needs HTTPS using LetsEncrypt and Apache2. To support Django, I typically use Gunicorn.

        All of this works with HTTP. Moving to HTTPS was easy to test using the default-ssl virtual host that comes with Apache2 in Debian. It’s a static page and it worked well with https. The problems all start when trying to use this known-working HTTPS config with the other Apache virtual host to add support for the gunicorn proxy.

      • Create a simple calculator using HTML, CSS and Javascript – DEV Community

        In this tutorial we will create a fully working calculator using only HTML, CSS and vanilla Javascript. You’ll learn about event handling, and DOM manipulations throughout the project. In my opinion this is a really good beginner project for those who want to become web developers.

      • Changing Grafana Legends – Small Dropbear

        I’m not sure if I just can search Google properly, or this really is just not written down much, but I have had problems with Grafana Legends (I would call them the series labels). The issue is that Grafana queries Prometheus for a time series and you want to display multiple lines, but the time-series labels you get are just not quite right.

      • Shaark: Keep your bookmarks and data in one place

        As every daily internet user, you have resources all around, which include posts, links, comments, passwords, images, and more.

        Some create a text file or a spreadsheet file to keep track of their data. Well, with Shaark, they do not need to do that.

      • How To Install Laravel on Linux Mint 20 – idroot

        In this tutorial, we will show you how to install Laravel on Linux Mint 20. For those of you who didn’t know, Laravel is a very popular open-source PHP framework aimed at the easy development of applications. It is based on the Symfony framework and follows the model–view–controller (MVC) architectural pattern.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of a Laravel on a Linux Mint 20 (Ulyana).

      • How to Build and Install RethinkDB on Ubuntu 20.04

        In this article I will be guiding you on how to install RethinkDB on Ubuntu 20.04

        RethinkDB is an open-source, scalable JSON database built from the ground up for the realtime web. It inverts the traditional database architecture by exposing an exciting new access model, instead of polling for changes, the developer can tell RethinkDB to continuously push updated query results to applications in realtime. RethinkDB’s realtime push architecture dramatically reduces the time and effort necessary to build scalable realtime apps. It is a great option when you need real time feeds to your data.

        RethinkDB is very useful when your application needs real time feeds to your data. RethinkDB query-response database access model works well on the web because it maps directly to HTTPs response request.

      • How to Change the Hostname in Linux

        There are plenty of reasons why you may want to change the hostname of your Linux system. Unfortunately, changing your hostname is not exactly an intuitive process. Don’t worry, though, we’re going to show you how you can change your machine’s hostname in less than a minute with just a few clicks and commands.

        Although this guide uses Ubuntu to demonstrate the steps required to change the hostname, the commands should work on other Linux distributions as well.

      • How to install FL Studio 20 on a Chromebook in 2021

        Today we are looking at how to install FL Studio 20 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.

        If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

      • Install and Setup i3 Windows Manager on Debian 11 – kifarunix.com

        Welcome to our tutorial on how to install and setup i3 Windows Manager on Debian 11. i3 is a tiling window manager for X11. “A tiling window manager is a window manager with an organization of the screen into mutually non-overlapping frames, as opposed to the more popular approach of coordinate-based stacking of overlapping objects (windows) that tries to fully emulate the desktop metaphor.”

      • PHP: How to fix the “Call to undefined function curl_init()” error – Anto ./ Online

        Are you using PHP’s curl_exec() function and getting a “call to undefined function curl_init()” error? If so, then let’s fix the undefined curl_init() function error for you on Linux.

      • How to Fix : Failed to install the Extension Pack on Linux Mint

        In this tutorial you will learn how to fix the error “Failed to install the Extension Pack” when installing the virtual box extension pack on Virtualbox.

        Virtualbox extension pack enables support for Support for USB 2.0/ USB 3.0 devices, VirtualBox Remote Desktop Protocol, disk encryption, NVMe and PXE boot for Intel cards, so this package should be installed in order to be able to use the above mentioned devices on your virtual machine.

        For example: You have an usb device which you want to plug into your virtual machine, then to do this you need to install the extension pack. However, you got the error below which doesn’t allow you to install the extension pack.

      • How to change the color of active windows in Plasma

        Alternatively, the title of this article is: how to change the color of active titlebars in Plasma. So what is this all about? In the Plasma desktop, the default theme is called Breeze. Until about Plasma 5.18, Breeze shipped with a light application theme, plus dark window borders. Excellent ergonomic choice, easy separation between foreground and background windows. None of the flat, modern nonsense.

        Recently, Plasma offers distinct all-light or all-dark themes, plus a mixed theme called Twilight, which gives you the old light-dark combo. Except … it no longer works correctly. The window borders for active windows are light-themed. This is an under-reported, not-well-understood issue. I even had people emailing me telling me how to change the colors. Which I did, and the change does nothing, as there seems to be an unresolved bug in Plasma. I’ve been talking about this for more than a year. It’s time for a dedicated article.

      • How to Mount Bitlocker Encrypted Windows Partition on Linux [Ed: A bit misleading as Bitlocker is not proper encryption; it’s back doored in the sense Microsoft steals the keys [1, 2]]

        Here’s the scenario. My system came with Windows 10 Pro and that came with BitLocker encryption. I installed Ubuntu in the dual boot mode even with the BitLocker encryption enabled for Windows.

        You can easily access the Windows files from within Linux. No hi-fi stuff here. Just go to the file manager and click on the Windows partition which is located usually under the “Other Locations” tab.

      • ssh to machine behind shared NAT – blackMORE Ops
      • What sysadmins need to know about Linux permissions | Enable Sysadmin

        Standard permissions in Linux are simple and direct, and they can be used to manage files and file shares on many different filesystems and file-sharing protocols. An access control list (ACL) adds even more functionality to Linux permissions. This article covers just a few permissions basics and provides links to other great Enable Sysadmin content that delves into permissions and ACLs in more detail.

      • Delete unused EBS (Elastic Block Storage) Volumes on AWS using a Lambda Function

        Amazon Elastic Block Store (EBS) is an easy-to-use, high-performance block storage service. It is like an external disk that can be attached to an EC2 Instance and used to store our data on it. If the EBS Volumes are not in use and not needed and still available in the account, then you will be charged by AWS for them unnecessarily. To save some cost, we will see the Lambda function which can be used to find and delete such unused EBS Volumes.

      • Create a Free Linux VM on Your Computer | Built In

        Skip the cloud. Create a Linux VM using VirtualBox and Ubuntu for your next data science project. Here’s how to get started.

    • Games

      • Axis & Allies 1942 Online from Beamdog is out now with full cross-play | GamingOnLinux

        Beamdog, known for their RPG revamps like Baldur’s Gate: Enhanced Edition and Neverwinter Nights: Enhanced Edition have finally pushed Axis & Allies 1942 Online out of Early Access as a finished game with full cross-play.

        With it based on the popular Axis & Allies 1942 Second Edition board game from Avalon Hill, you will be able to play online against others across Linux, macOS, Windows, Android and iPadOS. Now that’s the kind of broad support we like to see in a multiplayer title!

        “German tanks mobilize in the west, blitzing into France and pushing back the Soviet Union in eastern Europe. The United States rises in response to Japanese aggression in the Pacific. The United Kingdom rallies allies as bombers menace the skies. The year is 1942, and the world is at war!

      • RetroArch brings more emulator cores to Steam including PPSSPP | GamingOnLinux

        RetroArch, the free and open source application designed to help you manage emulators, media playback and more has a few additional emulator cores available now on Steam.

        Cores are essentially the modules that RetroArch runs to do things, like run different emulators. The Steam release for RetroArch is a little different to the normal version. Instead of grabbing these cores directly in the application, they’re being put up as individual DLC to download.

      • Relaxing tropical adventure Fishing Paradiso announced for 2022 | GamingOnLinux

        Fishing Paradiso is the next title from Japanese developer Odencat, who also created Bear’s Restaurant, with a release planned to arrive with Linux support in early 2022.

      • Silly platformer metroidvania Clunky Hero is now in Early Access | GamingOnLinux

        Chaosmonger Studio, developer of Encodya, has released their latest with the comedic platformer metroidvania Clunky Hero with it beginning life in Early Access.

        “Clunky Hero is a story-driven, platformer metroidvania, with a touch of RPG and tons of humor. If you’d love a platformer game where you have a funny storyline, can talk with characters, solve side quests, find and buy items, change weapons and wearables, with great hand-drawn-looking backgrounds, presented in a very comical way, then Clunky Hero might be the game of your dreams!”

      • Hacked Punch-Out Controlled With Actual Punches | Hackaday

        In a slightly safer departure away from jetpack roller-skating and flinging around bolts of lightning, [Ian Charnas] has been hacking retro video games. After a lot of hard work [Ian] has managed to add pose estimation to control the character is the NES boxing game “Punch-Out.” Surely he can’t get hurt doing that? No, but since it wasn’t fair to hurt the poor suffering characters, without taking any damage himself, he added electric-shock feedback to give the game a bit more, ahem, punch. See, you can get hurt playing video games!

        By starting with Google MoveNet, which is a pre-baked skeletal tracking model which can run in a browser using TensorFlowJS, he defined some simple heuristics for the various boxing moves usually performed with the game controller. Next, he needed to get the game. Being a all-round good guy, [Ian] bought an original copy of the game cartridge to obtain the license, then using the USB CopyNES from RetroUSB, dumped out the game binary for the next step.

      • Steam Deck Deposit – Steam Deck Shipping Update – Steam News
      • Steam Deck DELAYED! – Invidious
      • Steam Deck Release Pushed Back To February 2022 – Phoronix

        Valve just sent out an email to pre-order customers that the Steam Deck release is being delayed by two months.

        Due to the ongoing global supply chain crisis, Valve is needing to delay the Steam Deck ship date to February 2022 due to material/component shortages. Valve originally hoped to begin shipping their Steam Deck Linux-powered gaming handheld before the end of the calendar year.

      • Valve delays Steam Deck, now starts shipping February 2022 | GamingOnLinux

        Valve has announced today that their hotly anticipated handheld, the Steam Deck, has been delayed until 2022.

        Sadly, every company making computing hardware has been facing component shortages and various shipping delays and it seems that Valve has been unable to get around it. They said “The launch of Steam Deck will be delayed by two months. We’re sorry about this—we did our best to work around the global supply chain issues, but due to material shortages, components aren’t reaching our manufacturing facilities in time for us to meet our initial launch dates.”

      • You can grab a free to keep copy of Beholder on Steam | GamingOnLinux

        Beholder, a very well-reviewed game about being a state-installed landlord in a totalitarian country is currently available free for keeps on Steam. You might want to act fast on this one, as it seems the free to keep period ends tomorrow, November 11.

        “A totalitarian State controls every aspect of private and public life. Laws are oppressive. Surveillance is total. Privacy is dead. You are the State-installed manager of an apartment building. Your daily routine involves making the building a sweet spot for tenants, who will come and go.

      • Proton Experimental gets Age of Empires 4 working out of the box on Linux | GamingOnLinux

        Want to play Age of Empires 4 on Linux? Now you can. Another update for Proton Experimental has gone live. What is Steam Play and Proton? See our beginner’s guide for more if you’re unclear.

        As of November 9, Proton Experimental got fixes to allow Age of Empires 4 to work as well as Marvel’s Guardian of the Galaxy (although that only works on AMD GPUs currently). Additionally, a rare crash when starting up Baldur’s Gate 3 was also solved for this release.

      • System76 patches APT for Pop!_OS to prevent users breaking their systems | GamingOnLinux

        There’s been a huge amount of talk recently about switching to Linux for gaming, thanks to the challenge from Linus Tech Tips (YouTube) where two of their people tried the full-switch but it didn’t go so well for Linus and Pop!_OS. Now, System76 are trying to improve.

        It was pretty unfortunate that as Linus was going to install Steam, Pop’s packaging had some sort of breakage that wasn’t quite picked up and Linus ended up hosing the Pop desktop install. You can easily do some finger-pointing on where the real blame lies here from Pop not ensuring a major package like Steam works correctly before it’s pushed to users, to Linus ignoring the (what should be) pretty-clear warning message…

      • Hacking the Sony Playstation 5 – Schneier on Security

        I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers.

      • A pair of PS5 hacks could be the first steps towards jailbreaking Sony’s latest console

        The two exploits are particularly notable due to the level of access they theoretically give to the PS5’s software. Decrypted firmware — which is possible through Fail0verflow’s keys — would potentially allow for hackers to further reverse engineer the PS5 software and potentially develop the sorts of hacks that allowed for things like installing Linux, emulators, or even pirated games on past Sony consoles.

    • Desktop Environments/WMs

      • 7 Things You Should Know Before Switching to a Window Manager

        The idea of creating a personalized desktop compels many Linux users to install a window manager. There are ample reasons to ditch your current desktop environment and switch to a window manager instead, but since everyone comes from a different mold, it’s not a “one-size-fits-all” case.


        A window manager is a program responsible for positioning and displaying windows in a GUI. These programs can be a part of a larger desktop environment or can be used as a standalone desktop.

        A desktop environment usually consists of a window manager, widgets, and other utilities that interact with the rest of the applications to provide an interactive user experience. Some widely-used desktop environments are KDE Plasma, GNOME, Xfce, LXQt, Cinnamon, etc.

        i3wm, bwspm, dwm, KWin (used in KDE), and Metacity (used in GNOME) are some examples of window managers.

      • GNOME Desktop/GTK

        • This Extension Adds Your Text as Watermark in Ubuntu 21.10 GNOME

          Want to display some text on your desktop as watermark? This extension makes it possible in Ubuntu 21.10, or Fedora 34/35 with GNOME 40+.

          As I know, only Fedora so far display system logo as watermark in the bottom right of its GNOME desktop, though it’s enabled only for the default wallpaper by default.

          ‘Activate Gnome’ is the extension, which adds semi-transparent text ‘Activate Gnome – Go to Settings to activate Gnome‘ in the bottom right corner of GNOME 40+ desktop.

    • Distributions

      • New Releases

        • Sailfish OS Suomenlinna brings increased security, stability and reliability

          Suomenlinna is a Fortress built spanning four islands in the Suomenlahti (Gulf of Finland) just South of Helsinki. While Jolla just celebrated its tenth year, Suomenlinna, which literally translates to Finnish Castle, is somewhat older. Construction was started 267 years ago, with many thousands of workers building for nearly ten years before it was completed. Nowadays it’s designated as a World Heritage Site and you can visit it by ferry all year round to see it for yourself.

          It’s an appropriate codename for the Sailfish OS 4.3.0 Suomenlinna release given the emphasis we’ve placed on security improvements for this version of the operating system.

          For while we saw a tranche of new features included in the Sailfish OS 4.2.0 Verla release, in 4.3.0 Suomenlinna it’s much more about stability, bug-fixes and security improvements.

          Deeper integration and improved security

          The headline improvement is one that was already trailed by Ville in his recent Sandboxing blog post. From now on, any app that defines an application profile will be automatically sandboxed. This is currently an opt-in process; any app that isn’t updated in this way will still run outside the sandbox. As a user this means you will start to see some third party apps bring up the sandboxing dialogue on first run. You should already be familiar with this from 4.2.0, in which the Jolla apps were already sandboxed. In 4.3.0 Suomenlinna you’ll start to see this more often. Users can of course still run apps however they want, but can feel more confident when running apps inside the sandbox.

          This is an important security advancement, and follows the roadmap Ville described towards having all apps sandboxed. We’ve been careful to increase security without compromising user-control, and we think you’ll appreciate the extra peace-of-mind that sandboxing brings.

        • Sailfish OS 4.3 Released With Better Android App Support – Phoronix

          For fans of Jolla’s Linux-based smartphone platform, Sailfish OS 4.3 “Suomenlinna” is out today.

          Sailfish OS 4.3 delivers on security improvements, including improved sandboxing support for applications. Jolla is still working towards having all Sailfish OS apps be sandboxed, among other ongoing security improvements.

      • SUSE/OpenSUSE

        • MicroOS Remote Attestation with TPM and Keylime

          During 2021 we have been starting to focus more in security for MicroOS. By default MicroOS is a fairly secure distribution: during the development all the changes are publicly reviewed, fixes (including CVEs) are integrated first (or at the same time) in Tumbleweed, we have read-only root system and a tool to recover old snapshots, and periodically the security team audit some of the new components. Also, the move from AppArmor to SELinux should help to standardize the security management.

          But we really want to rise the bar when it is possible. For example, we are starting to think on how to enable IMA/EVM properly in the distribution, or what alternatives we have for full disk encryption supported by a TPM. There are some evaluation on dm-verity inside the new Transactional Image Update installer.

          Another area where we make progress in MicroOS is how to measure the health of our systems, detect remotely when an unauthorized change has been made (remote attestation), and actuate over it globally and as fast as possible.

        • Accelerate Cloud Native DevOps with Erik Sterck FramES and SUSE Rancher

          Erik Sterck and SUSE deliver a “single button” approach to cloud native DevOps environments, making it easier than ever to achieve successful digital transformation and accelerate toward your cloud native goals.

        • Survey Results of Packagers, Maintainers Posted – openSUSE News

          The openSUSE Project has posted results from a recent survey that ran between Oct. 7 and Oct. 29.

          The aim was to gather more information from open-source developers, development teams, packagers and maintainers. The survey also aimed to determine the satisfaction level of contributors and better understand the complexities and challenges they encounter with the project’s development. The survey provided an area to comment and provide suggestions to improve relevant aspects of the project and its tools.

      • IBM/Red Hat/Fedora

        • What’s new in RHEL 8.5

          Red Hat Enterprise Linux (RHEL) 8.5 is now generally available (GA), and brings new features and improvements to help streamline deployments, optimize performance and help mitigate risk in your environments. Whether you’re deploying RHEL on-prem, in the public cloud, at the edge — or all of the above — RHEL 8.5 has improvements that users will be eager to dig into.

          RHEL 8.5 continues the tradition of new features and improvements for running Linux containers. This release brings tooling that will add flexibility and reduce friction in running Podman in a wider range of environments.

        • Red Hat Announces General Availability of Red Hat Enterprise Linux 8.5

          Red Hat, Inc., a leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 8.5, the latest version of a leading enterprise Linux platform. Red Hat Enterprise Linux offers a common, open operating system that extends across clouds, traditional datacenter operations and out to the edge. The platform enables IT teams to lean on existing skills while they use new and expanded capabilities to build the transformative applications and services required by their business, regardless of where these workloads may ultimately live.

        • RHEL 8.5: OpenJDK 17, .NET 6, and more

          At Red Hat Summit 2019, we announced that minor releases of Red Hat Enterprise Linux (RHEL) would be available every six months. Following the success of RHEL 8.4 in May 2021, we have completed yet another exciting release of Red Hat Enterprise Linux, and Red Hat Enterprise Linux 8.5 is now available. We recommend upgrading both your development and production systems to the new 8.5 release.

          Read on for an overview of the major highlights for developers in RHEL 8.5.

        • What Version of RHEL am I Using?

          RHEL or Red Hat Enterprise Linux is one of the many operating systems provided by Red Hat. Red Hat is a popular Linux OS and has started functioning ever since the mid-1990s. Red Hat earned a good reputation due to being stable, regularly updated, and reliable.

          If you are using RHEL and want to find its version, this article is for you. Now let’s check 7 useful methods to know what version of RHEL you are using.

        • Red Hat Satellite 6.9.7 has been released

          We are pleased to announce that Red Hat Satellite 6.9.7 is generally available as of November 10, 2021.

          Red Hat Satellite is part of the Red Hat Smart Management subscription that makes it easier for enterprises to manage patching, provisioning, and subscription management of Red Hat Enterprise Linux infrastructure.

        • Toolbox is now Toolbx | Debarshi’s den

          Toolbox is being renamed to Container Toolbx or just Toolbx.

          I had always been uncomfortable by the generic nature of the term toolbox and people keep complaining that it’s terribly difficult to search for. Recently, we have been trying to improve the online presence of the project by creating a website and a Twitter handle, and it’s impossible to find any decent Internet real estate with anything toolbox.

          It looks like dropping the penultimate character from words to form names is a thing these days, hence Toolbx.

        • Kafka Monthly Digest: October 2021 | Red Hat Developer

          Get the latest news from the Apache Kafka developer community, including new milestones for Kafka 3.1.0, Debezium 1.7, Strimzi 0.26.0, and more.

        • Leading from open: How military veterans view open culture at Red Hat

          Red Hat’s culture is built on the open source principles of transparency, collaboration and inclusion, where the best ideas can come from anywhere and anyone. You might not immediately think that this culture has a lot of overlap with that of the military, which may appear to be hierarchical and rely on command and control, but Red Hatters from our Military Veterans Diversity and Inclusion Community would disagree.

        • JNLP Access to BMC On Fedora | Adam Young’s Web Log

          I recently had to get in to a serial console on the machine. The IPMI address hosts a web console. From that you can get a serial console on the server, but you need JNLP, which stands for Java Net Launch Protocol. It is implemented by IcedTea in OpenJDK: icedtea-web is the name of the RPM on Fedora 34.

      • Debian Family

      • Canonical/Ubuntu Family

        • What To Do After Installing Ubuntu 21.10 Impish Indri

          Ubuntu 21.10, the latest release of the most popular desktop operating system from the GNU/Linux community, has been released this October and you perhaps have the system already on your computer. Once installed, you might want to know what to do after that for your daily purposes, with several configurations, additional apps and games. Enjoy Ubuntu computing!

        • Canonical Makes it Easy to Run a Linux VM on Apple M1

          Ever since Apple introduced its M1 chips, numerous efforts have been made to run Linux on it.


          It is convenient for most developers to spin up a Linux VM instance and continue working on their system without interruptions.

          Unfortunately, getting a Linux instance up and running on M1 devices is not a straightforward task.

          While you have tools like VMware and VirtualBox to create virtual machines, it does not work on ARM-based Apple M1 silicon.

          As of now, VMware is slowly adding support for its products to work on Apple M1. However, that is still in closed beta and not feasible for users.

        • Canonical’s new Multipass 1.8 runs Ubuntu Linux in a VM on M1 Macs
        • Canonical’s Multipass 1.8 brings instant Ubuntu VMs to M1 Macs
        • Canonical Is Bringing Ubuntu To M1 Macs With ‘Multipass’

          There’s no denying the fact that M1 Macs are the most revolutionary devices that we’ve seen in the past decade. However, one of the many things they lack is the ability to run Linux. The recent Linux Kernel releases have improved M1 support, but Linux is still not very usable on M1.

          As of writing this, the only way to install Linux on M1 Macbooks is by using a Virtual Machine software like Parallels. Canonical has also followed the same road and is now offering ‘Multipass,’ which it claims is the fastest and easiest way to install Linux on M1 Macs.

        • Linux finally has an impressive cloud-like OS in Ubuntu Web

          Linux powers the cloud. But for the longest time, the operating system that single-handily makes the cloud possible didn’t really have a desktop distribution that offered much in the way of applications that interacted well with the cloud. Yes, there’s a Dropbox app and a few third-party tools that can be installed to sync your desktop to cloud storage accounts … but not much more.


          And then comes Ubuntu Web. This new-ish distribution promises to be the Chrome OS for Linux and, wow, does it achieve just that. To be honest, when I first heard about the remix I was doubtful. I’d seen so many distributions attempt them and, for the most part, fail. So, with trepidation, I downloaded the latest version of Ubuntu Web, spun up a VM, and gave it the test.

          Upon completing the installation, I logged in and was greeted by a window I’d never seen before in a Linux distribution. Said window required I log in. But to what account? It didn’t take me long to realize it was requesting I log into an /e/ foundation account (which I already had). Logging into the /e/ account makes it possible for you to take advantage of a rather nifty trick Ubuntu Web has up its sleeve. Said trick is WayDroid, a port of Anbox which allows users to install Android apps from the /e/ store.

        • Linux overview | Xubuntu 21.10 – Invidious

          In this video, I am going to show an overview of Xubuntu 21.10 and some of the applications pre-installed.

        • SQL Server on Ubuntu Pro: bringing it all back home [Ed: Canonical sucking up to Microsoft again, instead of competing against its proprietary software]]
    • Devices/Embedded

      • Amlogic S905X based Pi lookalike starts at $35

        Geniatech’s Raspberry Pi like “XPI-S905X2/X3/X4” SBC runs Android on a quad -A53 Amlogic S905X2 or quad -A55 S905X3 or X4 with 2GB RAM, 8GB eMMC, GbE, HDMI, 4x USB, 40-pin GPIO, and optional WiFi/BT.

        Geniatech has previously used Amlogic SoCs on its feature-rich DB10 dev board, which is based on Amlogic’s hexa-core -A73 and -A53 A311D, and has now returned with a Raspberry Pi pseudo clone built with a choice of three quad-core Amlogic SoCs: the Cortex-A53 based S905X2 and the Cortex-A55 based S905X3 and S905X4. The Android-supported XPI-S905X2/X3/X4 SBCs, which are also referred to as the 4K Single Board ARM PCs, go for $35 for the S905X2 model and $42 for the S905X3 version. The S905X4 model is not yet available.

      • Geniatech Unveils New 4K-Capable Raspberry Pi Alternative

        Two new boards in the Raspberry Pi form factor have appeared from Geniatech. Equipped with Amlogic processors, the XPI-S905X2 and XPI-S905X3, as spotted by CNX Software, claim 4K video playback capability.


        All the new boards are capable of playing back 4K60 video in the VP9 Profile 2, HEVC MP-10, ACS2-P2, and H.264 AVC formats, while the most powerful (sporting an S905X4 chipset) can manage AV1 at 4K120 too.

        You get a power adapter and passive cooling fin in the box, and the boards use Android 9 as their OS, though it shouldn’t be too hard to get Linux up and running, as other Geniatech boards support that option.

      • Raspberry Pi inspired Intel SBC supports Myriad X AI accelerator, 5G connectivity

        Axiomtek KIWI310 may look like a Raspberry Pi SBC but it packs an Intel Celeron N3350 processor, an M.2 slot with support for Myriad X AI accelerator, and the company also offer a HAT with 5G cellular connectivity.

        The single board computer also comes with up to 4GB LPDDR4 memory, up to 64GB eMMC flash, a Micro HDMI port, two USB 3.0 and two USB 2.0 ports, as well as the ubiquitous 40-pin GPIO header. Power options are also an improvement over your typical Raspberry Pi board with USB-C PD as well as LiPo battery support.

      • CutiePi – a Raspberry Pi CM4 Linux Tablet

        It has an 8″ 1280×800 multi-touch display, a 5000 mAh battery, USB 2.0, USB-C power (you can use the tablet while charging), micro HDMI for an external monitor or TV, and a microphone, speaker, and 5MP 1080p rear-facing camera.

        But my favorite thing? The rear case pops off after removing eight #2 phillips-head screws! No pentalobe here. The entire design is made to be repairable (to a certain extent), and is also open source, including the custom CutiePi Shell UI, which is so far the best custom tablet UI I’ve played with on a Raspberry Pi (though… that’s not saying much!).

      • Lilbits: CutiePi Linux tablet, NXP i.MX 93 chips, Twitter Blue, and YouTube’s Dislike button – Liliputing

        The CutiePi tablet with a built-in handle, a Raspberry Pi for brains, and Linux-based software is nearing release. Twitter is charging people willing to pay for an Undo Tweet button (and a few other perks). Google hopes YouTube might be a friendlier place if it hides the number of times the dislike button has been clicked on videos. And NXP has unveiled a new processor family.

      • Time to put this DIY absolute position encoder to work as a clock | Arduino Blog

        Being able to derive the absolute position of an object is vital in countless applications, primarily for anything that uses a motor. Instructables user holybaf had the idea to build their own rotary encoder, which has 60 degrees of resolution and utilizes a CD to act as a precise clock.

        To accomplish this, they first laid down a single circular track featuring patterns of light and dark areas that each correspond to a single value. By reading these areas with a set of six infrared emitters/detectors and comparing their current reading to the previous one, an absolute position can be determined.

      • Raspberry Pi Unveils ‘Code Club World’: A Way for Kids to Learn Code at Home – FOSS Force

        On Tuesday, the Raspberry Pi Foundation announced Code Club World, a child-friendly website purposed with helping children aged 9 to 13 “learn to make stuff with code.”

        In a blog announcing the project, Laura Kirsop, the Raspberry Pi Foundation’s head of learning experience, said the project was one result of the foundation’s efforts to create tools to help parents with homeschooling efforts during the Covid-19 pandemic.

        “When we spoke to parents and children about learning at home during the pandemic, it became clear to us that they were looking for educational tools that the children can enjoy and master independently, and that are as fun and social as the computer games and other apps the children love,” she said.

      • MXM modules showcase Nvidia Ampere

        Adlink’s “EGM-MXM-A” modules for edge AI bring Nvidia’s high-end Ampere graphics to MXM 3.1. The modules include RTX A1000, A2000, and A4500 graphics, with the latter offering 5,120 CUDA, 40 RT, and 160 Tensor cores for up to 17.8 TFLOPS.

        In May, Adlink announced the first MXM 3.1 modules with Nvidia Turing GPUs, ranging from the Quadro T1000 to the RTX5000. The company has followed up with the industry’s first MXM modules equipped with Nvidia’s higher-end Ampere graphics.

      • NXP’s i.MX9 debuts with dual -A55, microNPU equipped i.MX93

        NXP unveiled a Linux-driven, energy-efficient “i.MX93” SoC for IoT with 1x or 2x 1.7GHz Cortex-A55 cores, 2D GPU, 250MHz Cortex-M33, NXP EdgeLock security, and options including a 1-TOPS Arm Ethos-U65 microNPU and Azure Sphere security.

        NXP announced the first of several i.MX9 processors, which offer improved security and power management and an optional 1-TOPS Arm Ethos-U65 microNPU. NXP’s first i.MX9 chip is a low-end i.MX93 model that focuses on energy efficient IoT applications, including battery-powered devices. The i.MX93 is equipped with 1x or 2x 1.7GHz Cortex-A55 cores, a 250MHz Cortex-M33, and an optional 1-TOPS, 256 MACs/cycle Arm Ethos-U65 microNPU.

        The i.MX93 is equipped with a 2D-only graphics GPU with support for up to 1080p60 encode and decode with MIPI-CSI and -DSI and 720p60 for LVDS and parallel interfaces. The GPU supports blending/composition, resizing, and color space conversion. Applications include voice-assisted smart home and building systems, low-power industrial gateways, and automotive driver monitoring systems.

      • NXP i.MX 93 processor combines Cortex-A55 cores with Ethos U65 microNPU – CNX Software

        NXP has unveiled the i.MX 93 processor family comprised of i.MX 935x, 933x, 932x, and 931x parts at this time with up to two Cortex-A55 cores, one Arm Cortex-M33 real-time core, as well as an Ethos U65 microNPU for machine learning (ML).

        We wrote about i.MX 9 family back in March with NXP telling us it would include an Arm Ethos U-65 microNPU and EdgeLock secure enclave, be manufactured with a 16/12nm FinFET class process, and includes the “Energy Flex” architecture to optimize power consumption by turning on/off specific blocks in the processor. The NXP i.MX 93 is the first family leveraging those new features, and we know have some more details.

      • Open Hardware/Modding

        • 3D Printed Absolute Encoder Is Absolutely Wonderful | Hackaday

          When you need to record the angle of something rotating, whether it’s a knob or a joint in a robotic arm, absolute rotary encoders are almost always the way to go. They’re cheap, they’re readily available, and it turns out you can make a pretty fantastic one out of a magnetic sensor, a ziptie, and a skateboard bearing.

        • James Bruton built a robot that moves like an earthworm | Arduino Blog

          Self-propelling robots come in a whole host of shapes, sizes, and capabilities, with some being able to fly while other can walk on just a couple or many legs. But YouTuber James Bruton wanted to innovate on this concept even further by designing and building a robot that mimics an earthworm through extending and contracting segments at certain times to slowly inch along the ground. This class of motion is called peristalsis, and it works by constricting a ring of muscles to propagate material, such as in the case of the digestive tract, or to move an entire body.

        • Ikea PM2.5 air quality sensor’s ESP8266 hack adds WiFi, MQTT, and Tasmota support – CNX Software

          Ikea VINDRIKTNING PM2.5 air quality sensor functionality can be augmented with an ESP8266 WiFi board or module, and open-source firmware adding MQTT, or the popular Tasmosta firmware for more features.

          Out of the box, Ikea air quality sensor simply shows green (good), yellow (ok), and red (not good) colors to indicate the level of pollution with PM2.5 levels. But Sören Beye (Hypfer), who also happens to have developed Valetudo firmware for smart vacuum cleaners, has added a Wemos D1 Mini board to his sensor and developed open-source firmware with MQTT support.

        • Streamline Your SMD Assembly Process With 3D-Printed Jigs | Hackaday

          Maybe it’s time to try Stencilframer, a 3D-printable jig generator created by [Igor]. This incredibly useful tool takes either a set of gerbers or a KiCad PCB file and generates 3D models of a jig and a frame to securely hold the board and associated stencil. The tool itself is a Python script that uses OpenSCAD for all 3D geometry generation. From there, it’s a simple matter to throw the jig and frame models on a 3D printer and voilà!– perfectly-aligned stencils, every time.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • Upcoming release – coreboot 4.15

        The 4.15 release is planned for November 5th, 2021.

        Since 4.14 there have been more than 2597 new commits by more than 219 developers. Of these, over 73 contributed to coreboot for the first time.

        Welcome to the project!

        Thank you to all the developers who continue to make coreboot the great open source firmware project that it is.

      • Coreboot 4.15 Released With New System76 Laptops, More ASUS Motherboards – Phoronix

        Coreboot 4.15 was tagged today as the latest advertised version of this open-source firmware implementation for systems. With this new version are 21 additional laptops and motherboards supported.

        With Coreboot 4.15 comes 21 new motherboard ports, 14 of which are for supporting different System76 laptops. System76 recently upstreamed a number of their laptop ports with the likes of the Oryx Pro 7 / 8, Galago Pro 2 / 3, Gazelle 14, and others being part of the growing upstream collection of supported System76 products by Coreboot.

      • Free and Online ’2021 State of the Onion’ Slated for November 17 – FOSS Force

        This event is aimed squarely at users and advocates of the TOR (short for The Onion Router) Project, which produces a Firefox-based browser that directs users internet traffic through a free global network of relays to conceal users’ locations from network surveillance or third party traffic analysis. This not only allows users to travel the web unseen, but the ability to conduct unmonitored confidential communications.

        Until last year’s arrival of Covid-19, the State of the Onion wasn’t a stand alone event, but consisted of a compilation of updates from different Tor projects that was disseminated at various conferences during the year. When Covid hit in 2020, resulting in mass cancellation of in-person events, the TOR project presented the State of the Onion as a standalone live streaming event.

      • Google Makes Some Major Changes To Summer of Code 2022 – No Longer Limited To Students

        Over the past nearly two decades Google Summer of Code (GSoC) has been known as an initiative for getting students involved with open-source software development over the course of a summer while receiving a stipend/grant from Google. Beginning next year, GSoC will no longer be limited to students but open to all adults. Additionally, other changes are also coming.

        This year Google shortened the GSoC length and cut the stipend amount. They made those changes this year in the name of COVID-19 while for GSoC 2022 there are even more changes.

      • Web Browsers

        • Mozilla

          • How to download the latest version of Firefox

            I am taming Firefox, getting it to run nicely on my Acer Aspire 1 laptop. Over the last couple of days I posted to the blog about issues with Firefox. It even froze the desktop when attempted to do an update.

            I have managed to completely disable updating, will document how that is achieved later.

            A different update strategy: Each release of EasyOS will have the latest version of Firefox. No need for users to use the auto-update feature in Firefox. You can turn it on if you want, but no need. I am bringing out new releases of EasyOS quite frequently.

          • Firefox Nightly: These Weeks in Firefox: Issue 101
          • Personalize Firefox with colorways

            Starting with Firefox version 94, you will be able to personalize your browsing experience with 18 exciting new colorways themes. Each limited edition colorway presents its own individual bespoke characteristic. Find a color that better fits you with our palette.

      • SaaS/Back End/Databases

      • FSFE

        • Software Freedom in Europe 2021

          Cancelling of large events, limitations in meetings, and travel restrictions: none of this stopped the FSFE from advancing software freedom in 2021. From Router Freedom to new podcast episodes to co-organising the Legal and Policy devroom at FOSDEM, we keep empowering people to control technology.

          ‘Public Money? Public Code!’ online workshops were offered to volunteers, and an online Legal and Licensing Workshop for legal experts was organised. The FSFE assisted software projects to become REUSE compliant with our new initiative, REUSE Booster. We created a monitoring map to demonstrate the developments of Router Freedom rights in Europe. The FSFE presented suggestions and demands to support sustainable software. Meanwhile, a two-year court case initiated by FSFE supporter Luca Bonissi successfully came to an end, unequivocally recognising the right to a Windows licence refund. Overall, significant accomplishments for software freedom marked 2021, the year FSFE is celebrating its 20th anniversary.

      • FSF

        • Public Invited to Today’s Online Community Planning Day for International Day Against DRM 2021 – FOSS Force

          Today the Free Software Foundation is having a community planning day today for the upcoming International Day Against DRM 2021 event, and the public is invited to attend.

          The annual event, started in 2006 by FSF’s anti-DRM initiative Defective by Design, seeks to be “a counterpoint to the pro-DRM message broadcast by powerful media and software companies,” as well as to draw attention to the anti-consumer aspects of DRM. This year, the worldwide event is scheduled to take place on December 10, 2021.

      • Programming/Development

        • Intel Updates Alder Lake Tuning For GCC, Reaffirms No Official AVX-512 – Phoronix

          Posted last year for introduction in the GCC 11 stable compiler released earlier this year was the initial Alder Lake “alderlake” target. Now that Intel 12th Gen Core “Alder Lake” processors are officially out, Intel engineers have updated their Alder Lake tuning for the GNU Compiler Collection to yield more efficient performance with GCC 12 due out in Q2’2022.

    • Standards/Consortia

      • 10 Image File Formats That Didn’t Make It

        From PCX to TGA to VRML, considering a number of image formats that the world forgot. Not every image standard is going to last, no matter how pretty it is.

        Around this time 30 years ago, two separate working groups were putting the finishing touches on technical standards that would come to reshape the way people observed the world. One technical standard reshaped the way that people used an important piece of office equipment at the time: the fax machine. The other would basically reshape just about everything else, becoming the de facto way that high-quality images and low-quality memes alike are shared on the internet and in professional settings. They took two divergent paths, but they came from the same place: The world of compression standards. The average person has no idea what JBIG, the compression standard most fax machines use, is—but they’ve most assuredly heard about JPEG, which was first publicly released in 1992. The JPEG format is awesome and culture-defining, but this is Tedium, and I am of course more interested in the no-name formats of the world. Today’s Tedium discusses 10 image formats that time forgot. Hope you have the right conversion tool.

  • Leftovers

    • Science

      • Faster IPA Recycling For Your Resin Print Workflow | Hackaday

        If you’ve printed with photopolymer resins, you know that you need alcohol. Lots of alcohol. It makes sense that people would like to reuse the alcohol both to be environmentally responsible and to save a little money. The problem is that the alcohol eventually becomes so dirty that you have to do something. Given time, the polymer residue will settle to the bottom and you can easily pour off most of the clean liquid. You can also use filters with some success. But [Makers Mashup] had a different idea. Borrowing inspiration from water treatment plants, he found a chemical that will hasten the settling process. You can see a video of his process below.

        The experimentation started with fish tank clarifier, which is — apparently — mostly alum. Alum’s been used to treat wastewater for a long time. Even the ancient Romans used it for that purpose in the first century. Alum causes coagulation and flocculation so that particles in the water wind up sinking to the bottom.

    • Hardware

      • IBM PCjr From 1984 Keeps Today’s Clocks Running In Sync | Hackaday

        We’ve gotten used to the fact that the clocks on our internet-connected computers and smartphones are always telling the right time. Time servers, provided by a variety of government agencies as well as tech giants, provide them with the exact time and date thanks to accurate atomic clocks and the clever Network Time Protocol (NTP). But it wasn’t always like this: back in the 1990s when many computers didn’t have an internet connection, we had to adjust our computers’ clocks manually. Go back one more decade, and many PCs didn’t even have a battery-backed clock at all; you either set the proper date and time when the computer booted, or just lived with the fact that all new files were timestamped 01-01-1980.

        [Michael Brutman] decided to mix today’s world of network time synchronization with the old world of batteryless PCs, and built an SNTP Time Server that runs on a DOS PC. He tried it with two different hardware setups: a 40 MHz 386 PC from 1993, and the (in)famous IBM PCjr from 1984. A standard GPS module serves as an accurate time reference; these units can often be directly connected to old hardware thanks to the eternal RS-232 standard.

      • Most FDM Printers Are Also Filament Dryers (with A Little Help) | Hackaday

        If you’ve printed with an FDM printer, you probably know there are many interrelated factors to getting a good print. One key item is the dryness of the filament. When you first crack your plastic open, it should be dry. Most filament is packed in a sealed bag with desiccant in it. But if you have the filament out for a while, it soaks up moisture from the air and that causes lots of problems. [Design Prototype Test] has built and bought filament dryers before, but now he would like to point out that every FDM printer with a heated bed can act as a filament dryer. You can see the details in the video below.

      • A Breathtaking Circuit Sculpture Clock | Hackaday

        Here at Hackaday, we pride ourselves on bringing you the very freshest of hacks. But that doesn’t mean we catch all the good stuff the first time around, and occasionally we get a tip on an older project that really should have been covered the first time around. This remarkable circuit sculpture clock is a perfect example of one that almost got away.

        [Gislain Benoit] creation is called “The Tower” for good reason: it’s built inside what amounts to a giant glass test tube. Inverted and adorned with MDF discs, the Pyrex tube stands 5 feet (1.5 meters) tall, and is absolutely stuffed with electronic goodness. There are more than 2,100 discrete components mounted inside on a helical framework of carefully bent wires, forming a vertical sculpture that displays the time on three separate pairs of seven-segment displays. All the diode-transitor logic circuits are built from discrete components; nary a chip was used, and to spice things up, [Gislain] used LEDs in place of regular diodes everywhere in the circuit. The result is a constant light show as the clock goes through its paces.

    • Health/Nutrition/Agriculture

    • Integrity/Availability

      • Proprietary

        • Chrome OS virtual keyboard gaining dark theme, Unicode 14 emoji, Linux apps support

          Google is working on improvements to Chrome OS’s virtual keyboard, including a new dark theme, Unicode 14 emoji, and the ability to type while using Linux apps.

          For over a year now, Google has been working on a light/dark toggle for Chrome OS, which would take the current default theme and make it even darker, while also offering a massively redesigned light theme that we first showcased last September. Given how long it’s been in progress, it’s clear that Google wants to perfect all of the minor details of both sides of this light/dark theme toggle before launching it to everyone.

          To that end, the next piece of Chrome OS to get a dark theme is the virtual keyboard — the touchscreen keyboard that appears when you’re using a tablet or when your convertible Chromebook has the keyboard flipped away. According to a new flag being added to chrome://flags, the virtual keyboard will be getting a new theme that won’t be as blindingly white as its current iteration.

        • Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs [Ed: It's even worse than this because Microsoft admitted that it plugs some security holes without ever announcing the corresponding bugs at all]

          Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.

          Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, Windows Hyper-V, Windows Defender, and Visual Studio.

        • Pun-free Cylance vulnerability, fixed | Pen Test Partners

          A heap overflow resulting in a denial of service, low privilege arbitrary file delete and an elevation of privilege from limited service accounts to SYSTEM.

          It is recommended that the software is either upgraded to the latest 158x stream or version 1578 at the time of writing. Further information on the advisory can be found here.

        • Security

          • Younger generations care little about cybersecurity – Help Net Security

            According to SailPoint, 59% of workers use corporate email for personal use, but younger generations are the biggest cybersecurity offender.

          • Intel and Canonical to secure containers software supply chain

            Today, cloud-native developers benefit from an abundance of resources to compose their applications. With container images, packaging all these resources in a standard, easy-to-reuse format is now easier than ever. Unfortunately, container images also make it easier to package unneeded, vulnerable software or even malicious resources.

            Knowing which resources to use and what is a safe base layer when starting a cloud-native project is challenging. Extreme caution should go into picking these dependencies deliberately. Organisations need to provide their developers with “sane defaults”, trusted sources to underpin and support applications.

          • Security updates for Wednesday

            Security updates have been issued by Debian (openjdk-8 and samba), Fedora (community-mysql, firefox, and vim), openSUSE (binutils, kernel, and tinyxml), Red Hat (annobin, autotrace, babel, bind, binutils, bluez, compat-exiv2-026, container-tools:2.0, container-tools:3.0, container-tools:rhel8, cups, curl, dnf, dnsmasq, edk2, exiv2, file, file-roller, firefox, gcc, gcc-toolset-10-annobin, gcc-toolset-10-binutils, gcc-toolset-10-gcc, gcc-toolset-11-annobin, gcc-toolset-11-binutils, gcc-toolset-11-gcc, glib2, glibc, GNOME, gnutls and nettle, go-toolset:rhel8, grafana, graphviz, grilo, httpd:2.4, jasper, java-17-openjdk, json-c, kernel, kernel-rt, kexec-tools, kpatch-patch, lasso, libgcrypt, libjpeg-turbo, libsepol, libsolv, libssh, libtiff, libwebp, libX11, linuxptp, lua, mingw-glib2, mutt, ncurses, NetworkManager, openjpeg2, openssh, openssl, pcre, pcs, php:7.4, python-jinja2, python-lxml, python-pillow, python-pip, python-psutil, python27:2.7, python3, python36:3.6, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, qt5, resource-agents, rpm, rust-toolset:rhel8, spamassassin, sqlite, squid:4, tcpdump, tpm2-tools, vim, virt:rhel and virt-devel:rhel, and zziplib), and SUSE (binutils and kernel).

          • WordPress 5.8.2 Security and Maintenance Release

            WordPress 5.8.2 is now available!

            This security and maintenance release features 2 bug fixes in addition to 1 security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.2 have also been updated.

            WordPress 5.8.2 is a small focus security and maintenance release. The next major release will be version 5.9.

          • Linux patching — the why and the how | TahawulTech.com

            Since the region’s governments initiated their economic-diversification initiatives, Middle East enterprises have been digitising at a robust pace, putting them squarely in the crosshairs of cybercriminals. But when COVID-19 struck, and businesses and governments flocked to the cloud for its promise of continuity, things got worse. In the UAE, for example, the nation’s top cybersecurity official revealed a 250% increase in attacks from 2019 to 2020. This is what bad actors do. They take advantage of circumstances, any circumstances, to pounce.

            And what a circumstance the pandemic turned out to be for digital malefactors. To settle quickly into their new homes in the cloud, regional organisations had to accept new, untested ecosystems. Multiple network domains that fell outside the control of IT, coupled with a mushrooming of Shadow IT, dumped alien environments on the heads of thousands of under-resourced tech teams.

          • Rust-proofing the internet with ISRG’s Prossimo

            You know the non-profit Internet Security Research Group (ISRG) for its Let’s Encrypt certificate authority, the most popular way of securing websites with TLS certificates. The group wants to do more. Its newest project, Prossimo, seeks to make many basic internet programs and protocols memory-safe by rewriting them in Rust.

          • Privacy/Surveillance

            • NFC Performance: It’s All In The Antenna | Hackaday [Ed: 'Chipping' people through cards you compel them to carry]

              NFC tags are a frequent target for experimentation, whether simply by using an app on a mobile phone to interrogate or write to tags, by incorporating them in projects by means of an off-the-shelf module, or by designing a project using them from scratch. Yet they’re not always easy to get right, and can often give disappointing results. This article will attempt to demystify what is probably the most likely avenue for an NFC project to have poor performance, the pickup coil antenna in the reader itself.

            • Civil society counters Big Tech in Massachusetts privacy debate – Access Now

              Today, Access Now and a coalition of civil society organizations are correcting the record regarding the Massachusetts Information Privacy Act (MIPA) — an important state initiative to protect people’s fundamental right to privacy and to hold Big Tech accountable, which is under fire from corporate lobbyists.

              “Massachusetts can set a standard by passing one of the strongest privacy frameworks in the country, and standing up to Big Tech,” said Willmary Escoto, U.S. Policy Analyst at Access Now. “As usual, the industry is attempting to confuse, delay, and stop any bill that would lead to real privacy protections. Our letter provides further evidence that industry’s arguments are hollow. Massachusetts should move full steam ahead with MIPA to help protect Massachusettsans’ privacy, and to influence a federal law.”

    • Defence/Aggression

    • Environment

    • Civil Rights/Policing

      • Portugal makes it illegal for your boss to text you after work in ‘game changer’ remote work law | Euronews

        Remote workers in Portugal could see a healthier work-life balance under new labour laws approved by the country’s parliament.

        The new rules approved on Friday are a response to the explosion of home working as a result of the COVID-19 pandemic, Portugal’s ruling Socialist Party said.

        Under the new rules, employers could face penalties for contacting workers outside of office hours. Companies will also have to help pay for expenses incurred by remote working, such as higher electricity and internet bills.

    • Internet Policy/Net Neutrality

      • Libya’s cybercrime law: A threat to freedom of expression

        Access Now and a coalition of civil society organizations call on the Libyan authorities to immediately rescind the new cybercrime law adopted by the Libyan House of Representatives on October 26, 2021.

        The new bill, which was leaked on social media by a number of MPs and experts, will significantly limit freedom of expression online and grant Libyan authorities the liberty to target and suppress human rights activists and defenders, and restrict press freedom. The cybercrime law will also hand Libyan authorities the power to monitor and censor content published on social media “and any other technical platform”, and to block websites without judicial orders.

        “The new cybercrime law is repressive and constitutes a real danger to fundamental rights and freedoms in Libya”, said Marwa Fatafta, MENA Policy Manager at Access Now. “Cybercrime cannot be combated by muzzling, blocking, and surveilling speech online based on broad and ambiguous definitions. We call on the Libyan authorities to rescind this law.”

      • Human rights organizations call on Libyan authorities to rescind the new cybercrime law – Access Now

        The undersigned organizations call upon Libyan authorities to rescind the cybercrime law recently adopted by the Libyan House of Representatives. The law would severely restrict freedom of expression, curtail press freedom, and legalize mass surveillance of speech online. Additionally, the law allows for warrantless blocking of websites and content.

        During the plenary session held on October 26, 2021, the Libyan House of Representatives ratified the Anti-Cybercrime Law. The vote comes at a pivotal moment for Libya with the presidential elections scheduled for December 24, 2021. In order to ensure these elections are free, fair, and transparent, it is imperative to guarantee freedom of opinion and expression as well as freedom of press, both offline and online.

        The draft bill was quickly passed, only one day after it was added to the parliament’s agenda and without public consultation with Libyan civil society, human rights defenders, or experts. This has prompted the undersigned organizations to examine the version available on social media, which was leaked by Members of Parliament and experts in the digital field.

    • Monopolies

      • Copyrights

        • Reborn Into a New Form (1849) – The Public Domain Review

          A second life? To live again? Fyodor Dostoevsky, famously, survived the uncanny pantomime of his own execution, and found himself, on the other side, “reborn into a new form”. These were Dostoevsky’s words, written to his brother in the wake of ordeal. Here below, those very words are themselves given a kind of second life: in this excerpt from Dostoevsky in Love: An Intimate Life (published earlier this year), Alex Christofi stitches primary source excerpts into a “reconstructed memoir” — the memoir that Dostoevsky himself never wrote. The dream of literature made entirely of quotations reaches back across more than a century of cut-ups, remixes, centos, and collages: from Octavian Esanu’s brilliant JFL, What Does “Why” Mean? (2002), through Guy Debord’s Mémoires (1958), and over the mountain of Walter Benjamin’s landmark “Arcades” project (1927–1940). In 1990, Richard Price’s pioneering history of slave rebellion in Suriname, Alabi’s World (1990), used four different typefaces, one for each of the “voices” being woven into a single work. Here, in this re-collected episode, Christofi, too, is weaving: weaving Dostoevsky’s autobiographical fiction together with his fantastic life. — D. Graham Burnett, Series Editor

        • Laughter in the Time of Cholera – The Public Domain Review

          Political instability, popular unrest, and an impending pandemic? Welcome to France in the early 1830s. Vlad Solomon explores what made Parisiens laugh in a moment of crisis through the prism of a vaudeville play.

Links x/11/2021: Release of Samba 4.15.2, 4.14.10, 4.13.14; TDE Reviewed

Posted in News Roundup, Site News at 7:41 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

      • mintCast 373.5 – App-Get Install

        1:39 Linux Innards
        28:54 Vibrations from the Ether
        35:16 Check This Out
        41:57 Announcements & Outro

        In our Innards section, we discuss the applications that we use most often

        And finally, the feedback and a couple of suggestions

      • Command Line Love | LINUX Unplugged 431

        Is the true path to mastering Linux fully embracing the command line? Why it’s time to change our mindset about the terminal.

    • Applications

      • Best Free and Open Source Alternatives to Microsoft Publisher

        Microsoft’s stance for decades was that community creation and sharing of communal code (later to be known as free and open source software) represented a direct attack on their business. Their battle with Linux stretches back many years. Back in 2001, former Microsoft CEO Steve Ballmer famously tarnished Linux “a cancer that attaches itself in an intellectual property sense to everything it touches”. Microsoft also initiated its “Get the Facts” marketing campaign from mid-2003, which specifically criticized Linux server usage, total cost of ownership, security, indemnification and reliability. The campaign was widely criticized for spreading misinformation.

      • Samba 4.15.2, 4.14.10, 4.13.14 security releases available

        There is a set of new Samba releases out there. They fix a long and intimidating list of security issues and seem worth upgrading to for any but the most protected of Samba servers.

        There’s sadly a regression that “allow trusted domains = no” prevents winbindd
        from starting, we’ll try to provide a follow up fix as soon as possible.

      • How Knative unleashes the power of serverless | Opensource.com

        Knative is an open source project based on the Kubernetes platform for building, deploying, and managing serverless workloads that run in the cloud, on-premises, or in a third-party data center. Google originally started it with contributions from more than 50 companies.

      • Transfer files between your phone and Linux with this open source tool | Opensource.com

        Are you looking for a way to quickly copy files from your iPhone or Android mobile device to your Linux computer or from your Linux computer to your devices? I recently discovered an open source application that’s easy to install and makes transferring files as simple as a QR code.

        The qrcp project provides a command that generates a QR code in your terminal that allows you to send or receive files to your computer over the network.

      • Must Read: 10 Cool Command Line Apps for Ubuntu

        Plus — as you’re about to discover — they can be a lot more fun to use too.

        Whether you want to search the web, stream music, or subtweet your secret crush: you can do it all from the comfort of the command line and the frame of your fave terminal emulator.

        In this post I run-through 10 of my favourite terminal apps. These command line tools aren’t the only ones available for each respective task, but they are are all a) easy to use, and b) easy to install.

        So scroll on to soak in a stellar assortment of the very best Linux terminal apps out there — and don’t forget to drop your own favourite down in the comments!

    • Instructionals/Technical

      • How to Install LAMP Stack with PhpMyAdmin in Arch Linux

        Technically, the LAMP stack consists of Linux, Apache, MySQL, and PHP modules. A LAMP stack environment is ideal for web software developers that want to experience how their web application(s) is likely to behave on a server-hosted/production environment.

        It is the perfect testing/debugging platform for your web app until you are confident enough to decouple it and host it on a dedicated server.

      • How to Install Cockpit Web Console on Debian 11 Bullseye – Linux Shout

        Install Cockpit Console on Debian 11 Bullseye or 10 Buster server, a Web graphical interface to control Linux server and run docker Image containers using Podman remotely using the browser.

        The cockpit is an open-source application light in weight and easy to install. In most popular Linux, the packages to install this application is available via the default repository of the operating system. It provides the real-time stats of RAM, processor, and disk directly on its web interface. Apart from this, we can manage services, accounts, users, storage, software, and also there is a Terminal app that lets the users issue all commands with root rights on the remote server.

      • Making an old USB printer support Apple AirPrint using a Raspberry Pi

        There are longer tutorials on how to connect a USB printer to a Raspberry Pi and make it accessible via AirPrint but here’s the minimal one that’s just a list of commands and simple instructions.

      • How to install the Olive Video Editor on Elementary OS 6.0 – Invidious

        In this video, we are looking at how to install the Olive Video Editor on Elementary OS 6.0.

      • How to Open Ports in Ubuntu / Debian – Unixcop the Unix / Linux the admins deams

        By default, the Linux firewall is IPTables. Although it is a very efficient and flexible application, the truth is that it is not easy to manage. Therefore, the community has created equally effective but easier to use alternatives such as UFW.

        In short, UFW stands for Uncomplicated Firewall and is a kind of Front-end for IPTables but dedicated to Ubuntu / Debian. With it, you can set up rules and open ports quickly and easily on the system.

        When you turn UFW on, it uses a default set of rules (profile) that should be fine for the average home user. In short, all ‘incoming’ is being denied, with some exceptions to make things easier for home users. However, all these settings can be changed and adapted to your needs.

        One of the basic and necessary operations we can do with UFW is to open ports. This is necessary when we want an application or service to be able to use our network, either for incoming or outgoing connections.

        So, let’s show you how to open ports in Ubuntu / Debian using UFW.

      • Unable to search for images in Cockpit Podman Container

        In case after installing Podman Container service in Cockpit you are not able to search container images from Docker or other libraries, then here is the solution to resolve this problem.

        We faced this issue after installing Podman Container on Debian 11 Bullseye, well even if you are using any other Linux operating system to run Cockpit and facing the same problem, still the solution given here will be the same.

        Podman Container service is similar to Docker even the command line but daemon less. It is easy to find, run, build, share and deploy applications using the Open Containers Initiative on it.

      • How To Start With WordPress CMS?

        WordPress is undoubtedly the most used and trusted content management system across the world. It’s famous due to its easy integration and user-friendly interface. Using a content management system for your website allows you to edit and publish the content with zero coding knowledge. You don’t need to enter those heading tags for formatting the content, just click on the button, and you are done. You also get access to several free plugins that can help you in formatting your content more efficiently.

      • How to Install and Run Lynis on Ubuntu Linux

        Lynis is an open-source and trusted security auditing tool designed for Linux, macOS, and UNIX derivatives such as FreeBSD and OpenBSD. It is used for a number of purposes including security auditing, vulnerability detection, and compliance testing. The aim of leveraging an auditing tool such as Lynis is to probe and resolve any underlying security vulnerabilities, and configuration errors such as weak user account passwords or inappropriate file permissions that might compromise the system in face of an attack.

      • How Do I Find the Maximum Value of a Column in PostgreSQL?

        PostgreSQL allows you to perform many functions including the built-in data types. You can use any function or operator according to what you need. The most basic used PostgreSQL functions are COUNT, MAX, MIN, AVG, SUM, ARRAY, NUMERIC and, STRING. You can use these functions suitably for retrieving the data from a created table. In this article, we will be discussing finding the maximum value of a column from a table. MAX function is a built-in function in PostgreSQL which returns the maximum value from a given set of values.

      • How to Dual Boot Arch Linux Windows 10

        rch Linux provides a compact platform to use a low-end operating system easily. On the other side, Windows offers impressive features in a great graphical interface. So if you are a fan of both operating systems and want to use both of them, then read this article completely.

        This article explains how to dual boot to install Arch Linux and Windows 10 simultaneously on the same system, enabling both to run on the same machine.

        It is a question of why you should install Arch Linux with Windows. Arch Linux is one of the most straightforward operating systems of Linux. Also, you can customize it according to your needs, and it is very easy to do. Therefore, it is very convenient to have Arch and Windows as operating systems since Windows can be used for gaming and Linux for coding.

      • How to Customize Arch Linux After Installing It

        Installing any system requires users to know how to use it and what functions should be performed within it to work smoothly. The same holds true for Arch Linux. Many Linux users are familiar with Arch Linux, as it is a variant of Linux that is very popular. This article will cover how to install Arch Linux as well as how to use it.

        After system installation in Arch Linux, a very good feature is seen that it works on the principle of (DIY) under which Arch Linux is installed with only a few things. All the other things have to be done according to the user. Which is the right quality with which the user can modify his system according to his own.

        What to do after installing Arch Linux? It just gives a black screen that has to proceed on its own. Although Arch Linux has many things to change or use according to your own, only a few of them are important, or because of this change, it becomes easier to use. Also, due to these changes, we can use it smoothly.

      • How to Install Arch Linux from USB

        Arch Linux emphasizes the specific modifications to the minimum distribution, known as the “keep it simple” principle. As a result, Arch Linux is very popular among Linux users, as it prevents the installation of new versions and only installs them when a new update is available. So if you want to install Arch Linux, then don’t worry because it is a very simple process. This article will give you a brief on the method to install Arch Linux from USB.

        Arch Linux’s special feature is that it requires a minimum system, which is why it is so popular. Judd Wynette introduced Arch Linux in 2002 with an update to the 64 bit x86 (2006) that is still in use today.

        Pacman is a tool used to remove software packages, update any software, and update Arch Linux. Before installing Arch Linux, the main thing to understand is that to install x86_64. First, you need 512 MB RAM, 10 GB free disk space, internet, and a blank DVD or flash drive for installation burn, which is the first step towards installation.

      • How Do I Duplicate a Page in WordPress?

        This tutorial explains how to duplicate or clone WordPress pages and posts, both manually and with the help of plugins.

        WordPress supports different ways to duplicate or clone pages. The manual method to duplicate a page or post in WordPress consists of page/post code copy paste. The alternative method consists of a plugin installation. Like always, WordPress offers different plugin alternatives for this task.

        This tutorial shows you different simple ways any WordPress level administrator can learn.

      • Can You Do Loops in PostgreSQL?

        Whenever we talk about database management systems, PostgreSQL always comes to mind. Data in PostgreSQL can be stored in many ways in the form of tables. To iterate through the stored data, we need a specific methodology that is looping. We use many looping statements and conditional statements to access data and apply different operations to it. This guide will help you in understanding the looping process in a PostgreSQL management system.

      • Bootstrap vs React.js

        If you are a web developer then you must have already heard about Bootstrap and React.js. However, if you are new to this world and want to become a front-end developer whose job is to design the visual features of a web page or web application, then Bootstrap and React.js will be very handy web technologies to learn.

        Front-end frameworks are very difficult to choose and I myself have been confused about which to choose. So in this post, we will discuss both Bootstrap and ReactJS, their noteworthy features, benefits, and drawbacks.

      • How to Install MySql Workbench on Arch Linux

        The MySql workbench for Linux includes data modeling, development, SQL settings administration tools, user administration, backup/restore, and other functions. The ease of use and all these features make it a great choice for managing MySql databases. On Linux, you can install MySql Workbench in a variety of methods, including through official packages. Installing Oracle’s official repositories, utilizing the operating system’s default repositories, or compiling the packages from the source are all options. So let’s have a brief look at the method to install MySQL workbench on Arch Linux.

      • How to Install GCC for Arch Linux

        GCC translates to GNU Compiler Collections, and it is primarily used to compile the C and C++ programming languages. In addition, it also compiles Objective C and Objective C++ programs. The GCC is a set of open-source compilers and libraries.

        On Linux, open the terminal to install GCC. The terminal receives user input in the form of commands and shows the results on the screen. As a result, we’ll need to run a few instructions to install GCC.

      • How to Install an Apache web Server on Arch Linux

        In general, a web server hosts web content and answers requests for it from web browsers like Internet Explorer, Google Chrome, and Firefox. The apache web server, IIS web server, Nginx web server, and LiteSpeed web server are all examples of web servers. Apache is an open-source and free platform that is used by more than half of the world’s web servers.

      • How to Install AWS CLI On Arch Linux

        Using AWS CLI, or Amazon Web Services Command-Line Interface, you can manage your AWS services. This tool allows users to control different AWS services via the command line. It’s a great tool for managing everything in AWS.

        The utility only requires Python to execute, so that’s the only requirement. In this tutorial, you will learn about how to install AWS CLI on Arch Linux step by step. You may quickly create shell scripts to control your resources on the AWS cloud using AWS CLI.

        The Bundled Installer approach is compatible with any Linux distribution; the only prerequisite is Python 2 version 2.6.5 or Python 3 version 3.3.

      • How to Install Flask for Arch Linux

        Flask-Migrate is a Flask addon that manages SQLAlchemy database migrations for Alembic-based Flask apps. The Flask-Script extension or flask command-line interface is used to access the database operations.

        Database abstraction layers, form validation, and other components that utilize third-party libraries are not available.

      • How to Install Debian 11 in Virtual Box

        Debian is a Unix-like operating system that comes in handy in devices that handle heavy tasks. An example can be servers responding to millions of requests. Installing an Operating System is similar to accessing a virtual machine over the cloud, except that this operating system will take space in your physical disk. We will first go through the introduction and features of Debian 11 and then see the steps to install this Operating System in VirtualBox completely. Let’s get started!

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • TDE: A Museum Piece or Modern Desktop Alternative?

          Compared to Gnome 2, KDE 3 has fared poorly since it was superseded. Gnome 2 was ported to Linux Mint and became MATE, which has always balanced tradition and modernization. In 2020, the LinuxQuestions poll listed MATE as the choice of 8.5 percent of users, and I suspect that a much higher percentage would list it as their second choice (the desktop used when your main one fails). By contrast, Trinity claimed only a 1.3 percent share.

          So why bother with such a minority choice? To start with, Trinity scored the same as Ubuntu’s defunct Unity, while elementary OS’s Pantheon desktop, which receives frequent coverage, received no votes at all. The point is not user share, but freedom of choice, a key value of free software. Trinity’s success lies in having fought the odds to provide a small group of users what it wants and in extending the choices for everyone.

    • Distributions

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

      • IBM/Red Hat/Fedora

        • Fedora Linux 35 is now available at Vexxhost

          I love using Fedora Linux on desktops and servers. Fedora Linux is also a great platform for cloud applications. Starting today, you can deploy Fedora Linux 35 at Vexxhost!

          Vexxhost offers an open-source cloud with OpenStack under the hood. You can deploy Fedora Linux on cloud infrastructure in Canada, the United States, and the Netherlands. They also deliver many other OpenStack-based services to provide load balancers, block storage, and object storage.

        • Haven’t switched from CentOS 8 yet? Here are your options – TechCrunch

          Red Hat promised that it would continue to support each CentOS release for about a decade. However, the company changed its mind and suddenly cut support for the latest CentOS release.

        • CIO role: How to move from gatekeeper to advisor

          he CIO role has been around for more than 40 years, and in that time, it has undergone various shifts to become what it is today. The growth of the internet, the switch to digital, the move to cloud, and the shift to remote and hybrid workforces have all challenged corporate leadership, and especially CIOs, to redefine how they align their technology and teams with emerging tech trends and changes in corporate priorities.

          During the pandemic, we’ve seen countless businesses, many of which had been relying on outdated technology with underfunded IT departments, invest in technology at breakneck speed in order to meet the challenges posed by the new work environment. Too often, however, these investments were made directly by departments, with a lack of oversight and control from central IT. It is now common to find staff members managing technology that the IT team may not even be aware of.

        • How to hire change-ready people: 8 signs

          IT leaders are all too familiar with the challenges of change resistance. The most skilled CIOs know what steps to take to understand and address fear, uncertainty, and doubt concerning IT-enabled change.

          As we settle into an era in which continual – and often, transformational – change is the rule rather than the exception, IT leaders are naturally eager to shift their focus to change readiness. “Change always makes people feel uncomfortable, but the employees that seem to thrive with frequent change tend to be open minded,” says Dennis Theodorou, managing director with executive search firm JMJ Phillip. “[They are] also constantly thinking about how to make the business better. These employees also tend to pivot quickly without much delay or dwelling.”

          This is especially true when it comes to the IT organization itself. As the technology function not only leads ongoing technology-enabled change but experiences ongoing transformation itself, the value of having change-ready folks on the team is clear. “Being principled, practiced, and prepared for change and innovation can accelerate one’s ability to consistently and reliably contribute in fast-paced and cutting-edge industries,” says Rick Simmons, co-author of Unleashed: Harnessing the Power of Liminal Space and CEO of the Telos Institute, which helps leaders optimize their business strategy.

      • Debian Family

        • New Raspberry Pi OS Includes Hidden Speed Boost and 64-Bit Option

          The latest Raspberry Pi OS has today been announced, and it sees a number of changes under-the-hood, and a few that will be noticeable by end users. Chiefly, a new window manager, “mutter” which requires Raspberry Pi models with 2GB of RAM of greater. In a hidden bonus, YouTuber Jeff Geerling has confirmed that some Raspberry Pi 4 owners may see a speed boost built-in to the latest release and a possible new 64-bit release.

          For its “Bullseye” release we mainly get a number of behind the scenes updates, including a speed boost for those of us lucky to have new BCM2711 SoC with a C0T model number. these chips appear on newer Raspberry Pi 4, Compute Module 4 and Pi 400 boards and it appears that for the Pi 4 and CM4 you get an extra 300 MHz performance boost, 1.8 GHz, vs the stock 1.5 GHz. Owners of older Raspberry Pi 4 with B0T model numbers can still manually overclock their Pi.

          The new Raspberry Pi OS is still based upon a 32-bit release, but it appears that there is also a 64-bit release, lurking in the shadows and spotted by Geerling. Whether this is still a beta or ready for release remains uncertain.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Events

        • You’re Invited: State of the Onion 2021

          Last year, we held our first 100% virtual State of the Onion, a compilation of updates from the Tor Project’s different teams discussing highlights of their work during the year and what we are excited about in the upcoming year. Our 2020 State of the Onion was our first time doing livestream iteration, and it was not only a great success because it allowed us to reach thousands of people all around the world, but also because it allowed for more projects from our community to participate, giving an opportunity for them to also share their updates.

          We are happy to announce that we will be hosting our 2021 State of the Onion livestream on November 17 from 17:00 – 19:00 UTC.

      • Web Browsers

        • Mozilla

          • Firefox is now available on the Microsoft Store and that’s a pretty big deal

            According to Mozilla, the change came as a result of Microsoft changing its policies on allowing third-party browser support. “Until recently, Microsoft’s store policies required that all web browsers use the engine that Microsoft had built into their platform, which meant we were unable to ship the Firefox you know and love in the Windows Store,” Mozilla said in a blog post.

      • CMS

        • [Old] First in Germany again

          Over a total of 20 weeks from spring to late summer 2021, readers of the individual insider portals were asked to vote for their favorite in each category. IT Awards got votes from over 60 000 readers this year and Nextcloud came out on top , chosen by the largest community of IT professionals. We’re very proud of this and we’d like to thank everyone who made this possible, that is, all of you! Especially all of you who voted, but also everyone else who helps spread the word or improve Nextcloud directly with code, documentation or helping other users on our forums. Every bit makes a difference!

      • FSF

        • Licensing/Legal

          • [Old] The Software Industry IS STILL the Problem: The time is (also) way overdue for IT professional liability

            If any science fiction author, famous or obscure, had submitted a story where the plot was “modern IT is a bunch of crap that organized crime exploits for extortion,” it would have gotten nowhere, because (A) that is just not credible, and (B) yawn!

            And yet, here we are.

            The good news is that the ransomware attack on Colonial Pipeline in May 2021 probably marks the beginning of the end. Comforting as that might sound, it tells us very little about how that ending will turn out.

            The first to react were the insurance companies. Some of them dropped the product, leaving their customers to their own devices; others were busy trying to come up with requirements and standards that would apply to their customers’ claims for coverage.

          • [Old] The Software Industry IS the Problem: The time has come for software liability laws.

            Some say the only two products not covered by product liability today are religion and software. For software that has to end; otherwise, we will never get a handle on the security madness unfolding before our eyes almost daily in increasingly dramatic headlines. The question is how to introduce product liability, because just imposing it would instantly shut down any and all software houses with just a hint of a risk management function on their organizational charts.

          • The GNU GPL violations aren’t the only reason not to buy a Vizio TV. They barely support their products and they spy.

            They had to revise the firmware in mine as part of a lawsuit settlement.

            The one where it spied on your TV watching, including sending them which networks you watched with a TV antenna.

            Whether they violate the GPL or not, and whether the GPL is a contract are very important issues that should be pressed in court, because we have nothing to lose and everything to gain vs. developers who won’t enforce their own licenses (mostly “Linux” kernel people).

            But like other devices that want to connect to the internet and call themselves “Smart”, it’s usually a bad idea to give the device what it wants.

  • Leftovers

    • On Writing History From Below

      Marcus Rediker: The oldest influence on my decision to write “history from below” was my grandfather, Fred Robertson, a Kentucky coal miner, and master storyteller. Unlike Harvey, who went to an archive of books, I had an archive of stories. My grandfather told me extraordinary stories, many of them just about working-class people – their triumphs, victories, defeats, their pain, and their glories. He was a brilliant storyteller; he made things come alive.

      It took years but I realized, finally, that a lot of the ways in which I write history goes directly back to what he taught me about how to tell a story. One of his ideas was that a good storyteller always tells a big story inside a little story. So, for me, in studying sailors, pirates and enslaved people, I tell the stories of their lives and struggles within the big story of the rise of capitalism. A storyteller has to create understandings on several different levels simultaneously.

    • Lament of a Lou Gehrig, Joe DiMaggio Yankee Fan

      Until recently, the Yankees’ management strategy has been self-defeating. For years they traded their minor league talent for over-the-hill, injury-prone MLB stars. Some trades worked out, but most loaded the Yankees’ treasury with huge financial obligations for very little return on the field. The result is that they strip-mined their farm teams and rejected the historic winning formula of growing their own talent that brought them 27 World Series championships until 2009. Joe DiMaggio, Yogi Berra, Derek Jeter, and scores of others made their way to the fabled stadium directly from Yankee Triple A teams.

      Although recently, the Yankees are respecting the importance of their farm team players – Aaron Judge is an example – their trading acumen is almost non-existent. Just this year, two players on the Boston Red Sox’s – Eovaldi and Whitlock – gave the Yankees fits. These former Yankees were traded to Boston for no talent in return.

    • Did the Squad Give Away Their Bargaining Power?

      Has the Progressive Caucus lost its bargaining power by giving in to President Biden’s promise of “Trust Me.” Suppose that he is indeed able to get the Blue Dog/New Democrat Thatcherite “centrist” House members (mercenary lobbyists for corporate America and the One Percent) on board. But what about the Senate? What in the negotiated agreement will prevent Manchin and Sinema from killing the bill there?

      If they really wanted to, the Democratic leadership could simply get the Senate to remove Manchin and Sinema from their committee positions. Schumer could bring matters to a head with a motion saying that taking money from lobbyists to introduce policies that result in bribes (campaign contributions) is a corrupt conflict of interest. It wouldn’t succeed, but would draw attention to how corrupt the campaign financing process really is in determining what candidates will be on the ballot and what issues they will support.

    • Hardware

      • Chip shortage creates new power players

        While Microchip normally lets customers cancel a chip order within 90 days of delivery, it began offering shipment priority to clients that signed contracts for 12 months of orders that couldn’t be revoked or rescheduled. These commitments reduced the chances that orders would evaporate when the scarcity ended, giving Microchip more confidence to safely hire workers and buy costly equipment to increase production.

        “It gives us the ability to not hold back,” said Ganesh Moorthy, president and CEO of Microchip, which Thursday reported that profit in the latest quarter tripled and that sales rose 26% to $1.65 billion.

    • Health/Nutrition/Agriculture

      • Toward a Revolution in the Cannabis Revolution: Marijuana 25 Years After Prop 215

        The celebration took place at the General’s Residence at Fort Mason in San Francisco, which is federal property. That meant that there were no signs for the event. Marijuana, whether medical or recreational, is still illegal with the feds, and so advertising for anything related to marijuana is also illegal. No signs of any kind were outside the building. Inside, I did not see anyone smoking marijuana and didn’t smell it either, though marijuana passed from hand to hand, quietly, surreptitiously. A woman I had never seen or met before, and who said she lived and grew weed in Humboldt gave me several ounces which I took home. I haven’t tried it yet. I will. It’s part of my research.

        The program for the event, which was sponsored by the National Organization for the Reform of Marijuana Laws (NORML), listed the names of 76 deceased opponents of the Drug War: activist Dennis Peron; lawyer  and SF D.A. Terence Hallinan; and Mary Rathbun famous for her pot-laced brownies.

      • [Old] What, Me Care? Young Are Less Empathetic

        Since the creation of the Interpersonal Reactivity Index in 1979, tens of thousands of students have filled out this questionnaire while participating in studies examining everything from neural responses to others’ pain to levels of social conservatism. Konrath and her colleagues took advantage of this wealth of data by collating self-reported empathy scores of nearly 14,000 students. She then used a technique known as cross-temporal meta-analysis to measure whether scores have changed over the years. The results were startling: almost 75 percent of students today rate themselves as less empathic than the average student 30 years ago.

      • Partisan Gap in Covid Deaths Growing Thanks to Right-Wing Vaccine Disinformation

        Last month in the United States, the per-capita rate at which people died of Covid-19 was more than three times higher in counties where former President Donald Trump won at least 60% of the vote compared with counties that President Joe Biden won by a similar margin—evidence, one public health expert said Monday, of the “deadly consequences” of “anti-science aggression on the right.”

        “Irrational fears about vaccine side effects have overwhelmed rational fears about a deadly virus.”

      • 95 percent of Covid treatment funds have gone to treat unvaccinated people

        95.1 percent (€53.8 million) of all the funds spent on coronavirus treatment has gone toward treating unvaccinated people. Vaccinations were made available in Estonia in the start of the ongoing year. The €56.6 million for coronavirus treatments is supplemented by another €50 million on personal protective equipment (PPE), hospital beds, vaccination preparation and additional costs.

    • Integrity/Availability

      • Proprietary

        • Apple says it will no longer punish those daring to repair their iPhone 13 screens
        • Microsoft patches two actively exploited zero-days in monthly fixes

          “Organisations that run Exchange Server on-premises should apply security updates in a timely manner to prevent future exploitation once proof-of-concept code becomes publicly available.”

          Fifteen of the bugs fixed could be used for remote code execution, the company’s list of vulnerabilities shows.

          The other actively exploited zero-day was a security feature bypass flaw in Microsoft Excel.

        • Microsoft Patch Tuesday, November 2021 Edition

          Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

        • Security

          • Microsoft Releases November 2021 Security Updates | CISA

            Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

          • Samba Releases Security Updates | CISA

            Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates.

          • Citrix Releases Security Updates | CISA

            Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

          • Major security issues found in top Linux program for embedded devices [Ed: BusyBox is BusyBox, not "Linux"]

            Cybersecurity researchers have discovered 14 critical vulnerabilities in BusyBox, marketed as the Swiss Army Knife of embedded Linux.

            BusyBox is one of the most widely used Linux software suites, and many of the world’s leading operational technology (OT) and Internet of Things (IoT) devices run BusyBox.

          • BusyBox security analysis reveals 14 minor vulnerabilities

            Researchers at Claroty and JFrog have published a security audit of BusyBox, a widely used embedded device that offers a set of standard UNIX utilities in a single executable file. During the check, 14 vulnerabilities were identified, which have already been eliminated in the August release of BusyBox 1.34 . Almost all problems are harmless and questionable from the point of view of their application in real attacks, since they require running utilities with arguments received from outside.

          • Privacy/Surveillance

            • Brazil’s Fake News Bill: Congress Must Stand Firm on Repealing Dangerous and Disproportionate Surveillance Measures

              The revised text of Brazil’s so-called Fake News bill (draft bill 2630), aimed at countering disinformation online, contains both good and bad news for user privacy compared to previous versions. In a report released by Congressman Orlando Silva in late October, following a series of public hearings in the Chamber of Deputies, the most recent text seeks to address civil society’s claims against provisions harmful to privacy.

              Regarding serious flaws EFF previously pointed out, the bill no longer sets a general regime for users’ legal identification. Second, it does not require social media and messaging companies to provide their staff in Brazil remote access to user logs and databases, a provision that would bypass international cooperation safeguards and create privacy and security risks. Most importantly, it drops the traceability mandate for instant messaging applications, under which forwarding information would be tracked. We hope all these positive and critical changes are preserved by Members of Congress in the upcoming debates. 

              However, the text of the bill also has significant downsides for privacy. Among them, Article 18 of the draft legislation will expose some users’ IDs, requiring providers to make publicly available, by default, the national ID number of natural persons paying for content that mentions political parties or candidates, as well as the name of the person who authorized the ad message. Besides the potential for harassment and retaliation based on users’ political leanings, the provision creates a trove of personal data for potential political profiling using a national and unique ID number.

            • Brazil’s Fake News Bill: Perils and Flaws of Expanding Existent Data Retention Obligations

              Following a series of public hearings in Brazil’s Chamber of Deputies after the Senate’s approval of the so-called Fake News bill (draft bill 2630), Congressman Orlando Silva released a revised text of the proposal. As we said in our first post, the new text contains both good and bad news for user privacy compared to previous versions. One piece of bad news is the expansion of existing data retention mandates.

              Brazil’s Civil Rights Framework for the Internet (known as “Marco Civil”, approved in 2014) already stipulates the retention of “connection logs” and “access to application logs” for the internet service providers (ISPs) and applications set by the law. Internet applications broadly refer to websites and online platforms. According to Marco Civil, application providers constituted as legal entities, with commercial purposes, must collect and retain the date and time the application is used, from a certain IP address, for a period of six months. Article 37 of the bill seeks to indirectly expand the definition of “access to application logs” to compel application providers to retain “logs that unequivocally individualize the user of an IP address.”

              Since the debates on the approval and further regulation of Marco Civil, law enforcement has pushed for including the information about users’ networking ports in the law’s data retention obligation. They have sought to influence legislation and courts’ understanding about the existing retention mandate, since Marco Civil doesn’t mention the storage of users’ ports. Such a push takes into account the current use of technical solutions (particularly those based on Network Address Translation (NAT)) that enable multiple users to simultaneously share a single public IP address. There is a shortage of public IPv4 addresses, and to help mitigate this issue, NAT allows us to use several private IPs for one public IP. NAT can do this by allocating a range of ports per private IP on the public IP. However, servers on the internet still need to correlate this information with the internet service provider logs.

            • China will advance development of digital yuan, central bank gov says

              China will continue to advance the development of its central bank digital currency and improve its design, the People’s Bank of China governor Yi Gang said on Tuesday.

              China is a front-runner in the global race to launch central bank digital currencies (CBDC) and is testing a digital yuan, or eCNY, in major cities including Shenzhen, Beijing and Shanghai but has not set a timetable for its official rollout.

            • Google’s Nest Hub gets more sleep tracking features

              Google’s second-gen Nest Hub already comes with the ability to help you track your sleep pattern, thanks to its Soli-powered Sleep Sensing feature, but now Google is rolling out an update that should help you get a more detailed look at the quality of your slumber. According an announcement post on the company’s Keyword blog, the Nest Hub will now display a Sleep Staging chart that shows your various stages of sleep, including how long you were awake or experiencing REM, light, or deep sleep.

            • IFF’s Statement on the Supreme Court Pegasus Committee

              On July 18, 2021, The Wire, as part of an international collaborative investigation titled “Pegasus Project”, revealed that the Israeli spyware firm NSO targeted “over 300 verified Indian mobile telephone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others” through their spyware, Pegasus. Subsequent reporting by the Wire and the Washington Post revealed that forensic analysis conducted by Amnesty International’s Security Lab definitively showed that the Pegasus spyware had been used to target 37 phones, of which 10 belonged to Indians.

              Mr. Rupesh Kumar Singh and Ms. Ipsa Shatakshi are independent activists of repute, with over seven years of standing. Both of their phone numbers are in the leaked database. However, as of the date, it has not been verified whether their phones were attacked with the Pegasus Spyware. Mr. Singh and Ms. Shatakshi have approached the Supreme Court asking it to declare that the use of spyware such as Pegasus, is unconstitutional. The Supreme Court has pronounced a judgment regarding the use of Pegasus, constituting a committee of technical experts to examine the allegations of unauthorised surveillance using the Pegasus spyware. This is not the first time that the Supreme Court has taken such a measure, since earlier this year the Court had also constituted a four member expert committee on the controversial farm laws.

    • Defence/Aggression

      • It Doesn’t Pay to Be Right About America’s Wars

        I waited almost three months for some acknowledgement, but it never came. Not a bottle of champagne. Not a congratulatory note. Not an e-mail of acknowledgement. Not one media request.

      • Hypersonic Panic and Competitive Terror

        Undeterred by any rival capability, Trump claimed in May 2020 that the US military had come up with a “super duper”weapon that could travel at 17 times the speed of sound. “We are building, right now, incredible military equipment at a level that nobody has ever seen before.”  Ever adolescent in poking fun at his rivals, Trump also claimed that the missile dwarfed Russian and Chinese equivalents.  Russia, he claimed, had one travelling at five times the speed of sound; China was working on a device that could move at the same speed, if not at six times.  Pentagon officials were not exactly forthcoming about the details, leaving the fantasists to speculate.

        In 2019, Russia deployed its own intercontinental hypersonic missile, the Avangard strategic system, featuring a hypersonic glide vehicle astride an intercontinental ballistic missile. “It’s a weapon of the future, capable of penetrating both existing and prospective missile defence systems,” claimed Russian President Vladimir Putin at the time.  The President claimed to have reason to crow.  “Today, we have a unique situation in our new and recent history.  They (other countries) are trying to catch up with us. Not a single country possesses hypersonic weapons, let alone continental-range hypersonic weapons.”

      • Report Outlining How to Cut $1 Trillion From Defense Budget Is Just a Start
      • Opinion | The Pentagon Budget Should Be Cut by At Least $1 Trillion—But War Profiteers Won’t Go Quietly

        Even as Congress moves to increase the Pentagon budget well beyond the astronomical levels proposed by the Biden administration, a new report from the Congressional Budget Office (CBO) has outlined three different ways to cut $1 trillion in Department of Defense spending over the next decade. A rational defense policy could yield far more in the way of reductions, but resistance from the Pentagon, weapons contractors, and their many allies in Congress would be fierce.

      • Ex CIA analyst on hidden realities of Syria war and new novel ‘Damascus Station’
      • What Is France Hiding in the Sahel?

        On the 8th of October, Choguel Maïga, the prime minister of Mali, boldly informed the world that its former colonial power, France, was sponsoring terrorists in the country’s northern region. Standing before dozens of cameras and microphones, he provided details on how the French army had established an enclave in the northern town of Tidal and handed it over to well-known terrorist groups. The revelation was shocking not simply for the serious nature of the accusation but because in past times West African leaders have rarely sparred so openly with the French government. A chain of events simmering in the background for weeks triggered the latest spat.

      • 13 Trump Officials Violated Hatch Act Regulations, Special Counsel’s Office Says
      • Stephen Miller, Come on Down! Jan. 6 Committee Drops Another Round of Subpoenas on Trump World

        Here’s a rundown of everyone who was slapped with a subpoena on Tuesday: [...]

      • Policeman survives knife attack in French Riviera city of Cannes

        A policeman survived a knife attack in the French Riviera city of Cannes on Monday, with media quoting a police source as saying the assailant had said he was acting “in the name of the Prophet”.

        The policeman emerged from the attack unscathed, saved from serious injury or worse by his bulletproof vest, Interior Minister Gerald Darmanin said.

      • Cannes: Knifeman shot after attacking three police officers

        The attack in Cannes comes just one week after a knifeman was shot at a railway station in Paris after threatening security officers.

      • Poland Fears ‘Armed Escalation’ with Belarus as Migrants Mass on Frontier

        Poland and the European Union accuse Minsk of weaponizing migrants by inviting them to enter Belarus and shepherding them to the border, sometimes by force. Visiting the border area Tuesday, Polish Prime Minister Mateusz Morawiecki praised the work of the 12,000 troops the government has deployed to defend the border.

        “We know that this is a fully planned operation, which aims to disrupt the sovereignty of our country. That’s absolutely clear to us. We know for sure that there is a search for weak spots happening (on the border),” Morawiecki said.

        “(Belarusian President Aleksander) Lukashenko’s regime uses civilians as weapons of a hybrid war. What we can see today are new methods, and you are a key bastion there to defend against these new methods,” the prime minister added.

        Poland closed the main border crossing with Belarus Tuesday, the primary route for road traffic between northern Europe and Russia.

      • What is happening on the Poland-Belarus border?

        This summer Belarus began experimenting with a novel geopolitical tactic: importing would-be migrants from the Middle East, dumping them at the EU’s borders and urging them to cross. In August Iraqi Airways announced several direct flights from Iraqi cities to Minsk, the Belarusian capital. Migrants, promised a new life in the EU on social media, sought Belarusian visas from local consulates. Upon arrival in Minsk armed guards herded them to the border, first with Lithuania and then with Latvia and Poland. All three of these countries have annoyed Mr Lukashenko by sheltering Belarusian dissidents who have fled from the regime. The EU tried to stem the flow of migrants, persuading Iraqi Airways to cancel flights to Belarus. States sharing a border with Belarus each deployed patrols, put up makeshift fences and announced construction of sturdier, permanent ones.

      • Belarus migrants: Poland PM blames Russia’s Putin for migrant crisis

        Speaking on Tuesday at an emergency parliamentary session after visiting troops on the border, Mr Morawiecki said: “This attack which Lukashenko is conducting has its mastermind in Moscow, the mastermind is President Putin.”

        He accused the Russian and Belarusian leaders of trying to destabilise the European Union – which the two countries are not part of – by allowing migrants to travel through Belarus and enter the bloc.

        Mr Morawiecki described the situation as “a new type of war in which people are used as human shields”, and said Poland was dealing with a “stage play” which is designed to create chaos in the EU.

      • How Europe’s last dictator lured thousands of migrants from the Middle East for ‘hybrid war’ against West

        Ads placed on social media are designed to make the trip look legitimate and promise smooth travel, highlighting that travellers are issued seven day tourist visas for Belarus.

        In one recent Facebook post, a travel agent said that it was bringing people to Europe via “conventional ways”.

        “European airlines only, need 1.2 million refugees. Seize the opportunity. Pay us after arrival,” read the post, which was subsequently deleted after attracting media attention.

      • Harry says he warned Twitter boss ahead of Capitol [insurrection]

        “I warned him his platform was allowing a coup to be staged,” Prince Harry said at the RE:WIRED tech forum in the US.

    • Environment

      • East Coast Flooding, Rising Sea Levels and Climate Change: Why the Ocean Keeps Pouring In

        Since 1880, average global sea levels have risen by more than 8 inches (23 centimeters), and the rate has been accelerating with climate change.

        Depending on how well countries reduce their greenhouse gas emissions in the coming years, scientists estimate that global sea levels could rise by an additional 2 feet by the end of this century. The higher seas means when storms and high tides arrive, they add to an already higher water level. In some areas – including Charleston, South Carolina, where a storm and high tide on Nov. 5, 2021, sent water levels about 8 feet above normal– sinking land is making the impact even worse.

      • The View From Inside the Glasgow Climate Summit: A Focus on Faster Policy Changes as Talks Intensify, Amid Grandstanding and Anger Outside

        I’ve been involved in the climate negotiations for several years as a former senior U.N. official and I am in Glasgow now. At the start of the second week, here’s what I’m seeing and hearing, both inside the negotiations and outside.

        A shift from 2050 to 2030 goals

      • War Helps Fuel the Climate Crisis as U.S. Military Carbon Emissions Exceed 140+ Nations

        Climate activists protested outside the U.N. climate summit in Glasgow Monday spotlighting the role of the U.S. military in fueling the climate crisis. The Costs of War project estimates the military produced around 1.2 billion metric tons of carbon emissions between 2001 and 2017, with nearly a third coming from U.S. wars overseas. But military carbon emissions have largely been exempted from international climate treaties dating back to the 1997 Kyoto Protocol after lobbying from the United States. We go to Glasgow to speak with Ramón Mejía, anti-militarism national organizer of Grassroots Global Justice Alliance and Iraq War veteran; Erik Edstrom, Afghanistan War veteran turned climate activist; and Neta Crawford, director of the Costs of War project. “The United States military has been a mechanism of environmental destruction,” says Crawford.

      • His country is sinking. So he’s rolling up his pants to make the point at COP26.

        Waters around Tuvalu, whose highest point is about 15 feet above sea level, are rising about 0.2 inches per year — faster than the global average. Like many of its neighbors, Tuvalu is warning that without global action, its land will almost certainly be submerged entirely.

      • Obama Addresses Climate Activists in Glasgow, But Should They Listen?

        We are now in the post-speech era of climate crisis, where words don’t matter to the people who matter. Young activists have figured out that the older generation is fucked up, that they don’t care about their future. The climate fight is no longer about levels of CO2 in the atmosphere: It is now about the rich, greedy older generation killing off their young.

      • Opinion: Why we need a ‘long telegram’ about the climate crisis — not conflict with China or Russia

        George Kennan’s famous “long telegram” outlined the strategy of containment at the start of the Cold War with Russia. The establishment Atlantic Council think tank has issued a new version — a “longer telegram” — to outline a confrontation with China. What’s needed, however, is a long telegram to lay out the strategy for engaging China and Russia in facing the real and growing climate threat. If we don’t find a way to join in addressing it, the basic duty of the state — to defend the security of its citizens — will have been forfeited.

      • Ocean’s climate change ‘buffer’ role under threat

        It has revealed that – if global temperatures increase to levels predicted – the ocean will not be able to provide what is currently Earth’s largest long-term carbon store.

        One third of the carbon dioxide in our atmosphere dissolves in the ocean.

        It therefore acts as an important buffer against rising temperatures.

      • Who Is the World’s Greatest Climate Champion?
      • Opinion | Drill, Baby, Drill: Capitalism’s Only Plan for Climate Is Collapse

        This past week’s flurry of announcements over “ambitious action” by governments during the COP26 in Glasgow has been justly received with scepticism by climate justice activists and the general public (and enthusiastic support by the media in general). During this same period important revelations of the massive gap in terms of necessary emission cuts and country’s plans emerged, as the broader rejection of greenwashing became pervasive. The narrative of false solutions and green capitalism doesn’t work. Yesterday, the revelation that over 800 oil & gas wells are being planned for drilling still this year and in 2022, in the report “Drill, Baby, Drill”, makes it clear that the proceedings of COP26 are mostly propaganda, as the only real, mandatory and contractualized plan global capitalism has for the climate crisis is collapse.

      • At COP 26, Island Nations Demand Action on Funding and Emissions
      • Fiji PM Slams Rich Nations for Telling Poor to ‘Suck It Up and Wait’ for Climate Funding

        Fijian Prime Minister Frank Bainimarama castigated rich nations on Monday for reneging on their vow to provide developing countries with $100 billion in annual climate funding by 2020, a failure that’s been in the spotlight throughout the ongoing COP26 summit in Glasgow, Scotland.

        “No nation can claim inaction out of ignorance. We have known about this threat for decades.”

      • Why We Need a “Long Telegram” About the Climate Crisis—Not Conflict With China or Russia

        President Biden has repeatedly and rightly called climate change an “existential threat.” The White House, the Pentagon and the intelligence community have all issued reports detailing climate change’s “threat multiplier,” which will worsen food and water scarcity, spread diseases, destabilize countries, and exacerbate mass migration. Most Americans increasingly understand that the threat is critical—and getting worse.

      • COP26 Action Steps?
      • Opinion | Corruption and Environmental Damage: Chinese Fossil Fuel Investments in Africa

        China’s relationship with Africa is multifaceted. The People’s Republic of China (PRC) shares ideological bonds with many African countries because of early ties to anti-colonial struggles and through the Non-Aligned Movement. Every African country recognizes the PRC with the exception of eSwatini (Swaziland), which has diplomatic relations with Taiwan). Many African countries preserved trade relations with Beijing after the 1989 Tiananmen Square crackdown, and those commercial links have only grown stronger. China has been Africa’s leading trading partner since surpassing the United States in 2009.

      • US Military Is Fueling Climate Crisis — It Emits More Carbon Than 140 Nations
      • More Than Halfway Through COP26, World Leaders Accused of Delivering Empty Promises on a Sinking Ship

        With just four days left of the United Nations climate summit in Glasgow, Scotland, climate groups are demanding world leaders urgently change course by rejecting false solutions and committing to stop greenhouse gas emissions at the source to have any chance of limiting global warming to 1.5°C.

        “This conference has not been the climate game-changer promised by politicians and promoted by the media.”

      • Opinion | The Most Basic of All Human Rights: Clean Water

        As the UN Climate Change Conference (COP26) is swiftly moving to its conclusion on Friday, climate justice could not be more urgent or timely.

      • COP26 Report Reveals ‘Massive’ Credibility Gap Between Climate Commitments and 1.5°C Target

        “It’s all very well for leaders to claim they have a net-zero target, but if they have no plans as to how to get there, and their 2030 targets are as low as so many of them are, then frankly, these net-zero targets are just lip service to real climate action.”

        “Today’s leaders need to be held to account for this massive 2030 gap.”

      • Satirical Video Detailing Global Deceit of Net-Zero Pledges Shows ‘How F**ked We Are’

        Humanity is on a catastrophic global heating trajectory that will pass what scientists call the “net fucked by 2050″ point and is risking “irreversible chain reactions beyond our control” just so billionaires can grow even richer.

        “Being honest isn’t an option for us. Which is why we’ve come up with the next best alternative: net-zero by 2050.”

      • Opinion | A Major Copout: COP26 and the Infrastructure Bill Show the Slow Limits of “Moderate” Change

        This past week witnessed two supposedly historic events. Globally, leaders from around the world met at Cop 26 in Scotland to agree on landmark commitments to address climate change. In the US, Congress passed a $1 trillion infrastructure bill that President Biden hailed as a “monumental step forward” that was a “blue-collar blueprint to rebuild America and it’s long overdue.”

      • Energy

        • ‘This Must Not Happen’: If Unhalted, Permian Basin Fracking Will Unleash 40 Billion Tons of CO2 by 2050

          As activists at the COP26 summit continue to denounce the “massive” gap between wealthy governments’ lofty rhetoric and their woefully inadequate plans for addressing the climate emergency, a new analysis of projected extraction in the Permian Basin in the U.S. Southwest exposes the extent to which oil and gas executives’ refusal to keep fossil fuels in the ground puts humanity’s future in jeopardy.

          “While climate science tells us that we must consume 40% less oil in 2030, Permian producers plan to grow production more than 50%.”

        • Roadmap Details Just Transition Based on Sustainable Wind Energy for Nebraska

          The people of Nebraska “deserve a livable future with less water and air pollution, more sustainable jobs, and democratic control over their energy sources.”

          So declares a report released Tuesday by the Institute for Policy Studies (IPS) that urges the landlocked U.S. state to take full advantage of its vast wind energy potential and ditch its climate-wrecking reliance on coal.

        • Opinion | The Overrated Promise of a Carbon Tax

          Addressing global warming requires cutting carbon emissions by almost half by 2030! For the Intergovernmental Panel on Climate Change, emissions must fall by 45% below 2010 levels by 2030 to limit warming to 1.5°C, instead of the 2.7°C now expected.

        • As COP26 Host Glasgow Touts its Climate Leadership, a Stroll Through the City Reveals its ‘Toxic’ History

          Scotland’s second city has rolled out the green carpet to world leaders and thousands of delegates arriving for climate talks.

          The city and its leaders have been eager to present a green image of Glasgow over COP26, with advertisements and billboards across town promoting its climate-friendly projects and initiatives. 

        • General Motors Sponsors COP26 1.5C Pavilion Amid Summit Polluter ‘Greenwash’

          A U.S car giant with a history of funding climate denial and inaction is sponsoring a COP26 events space that showcases a “transition to a cleaner world”.

          General Motors, one of the world’s largest industrial corporations, is backing the “Pathways to 1.5” pavilion at the Glasgow summit, which explores how businesses can reach the Paris Agreement target of restricting global heating to 1.5°C by the end of the century.

        • Critics Say Behind-the-Scene Efforts by HSBC Prove Big Bank Climate Pledges ‘Cannot Be Trusted’

          “Time and time again we see banks launch voluntary climate initiatives which seem to be aimed purely at reaping PR benefits now, while postponing all concrete action as far into the future as possible.”

        • Hundreds of Groups Reject Greenwashing of Destructive Hydropower Industry at COP26

          As campaigners on the ground in the Scottish city of Glasgow continued to call out world leaders for delivering empty promises at COP26, hundreds of groups on Tuesday urged attendees of the United Nations climate summit to reject attempts by the hydropower industry to secure support for new projects and instead focus on real solutions to the planetary crisis.

          “Instead of damming the rivers that help sustain us, climate funds should be used to restore rivers and promote protecting river ecosystems and communities.”

        • Bitcoin inflows hit record high so far in 2021

          Inflows into bitcoin products and funds have hit a record $6.4 billion so far this year, data from digital asset manager CoinShares showed, as investors bought the cryptocurrency on more widespread government acceptance and positive momentum.

        • Bitcoin-mining power plant raises ire of environmentalists

          They fear a wave of resurrected fossil-fuel plants pumping out greenhouse gasses more for private profit than public good. Seeing Greenidge as a test case, they are asking the state to deny renewal of the plant’s air quality permit and put the brakes on similar projects.

          “The current state of our climate demands action on cryptocurrency mining,” said Liz Moran of Earthjustice. “We are jeopardizing the state’s abilities to meet our climate goals, and we set the stage for the rest of the country as a result.”

        • Bitcoin’s record-high price means its energy use is soaring again – just as the world tries to tackle climate change at COP26

          It uses as much electricity each year as the Netherlands, an uncomfortable fact as world leaders meet at COP26.

        • Mexico wins second place in ‘Fossil of the Day’ contest at climate conference

          Presented by the Climate Action Network (CAN), a global network of more than 1,500 civil society organizations in over 130 countries, “Fossil of the Day” awards are given to the countries that are “doing the most to achieve the least” in terms of the progress on climate change.

          Mexico was awarded second place “for pumping more, not less, money into the fossil fuel industry, building oil refineries, and delaying policies aimed at carbon emissions reductions.”

    • Finance

      • Can We Automate Inequality Out of Automation?

        But why? What explains the sinking incomes of so many American workers today? Globalization plays a role. So do the fading value of the minimum wage and the ever smaller share of workers with collectively bargained contracts. But another factor, says MIT economist Daron Acemoglu, may be the most potent driver of these shrinking wages: automation.

        Automation happens when machines or algorithms — essentially, instructions for computers — do the work real people used to perform. We’ve been seeing plenty of this substituting over recent decades, Acemoglu this past Tuesday told the House Select Committee on Economic Disparity and Fairness in Growth. The result: Americans who’ve been performing “routine tasks” in industries rapidly automating “have almost uniformly experienced large declines in their real wages.”

      • With Rising Wages and Record Job Openings, Do We Still Have to Ask If the Minimum Wage Kills Jobs?

        There has been a major national debate about raising the national minimum wage from its current level of $7.25 an hour in recent years. The last increase took effect in 2009. If we adjust for inflation over the last 12 years, the minimum wage has lost almost 30 percent of its purchasing power. If we wanted to restore the minimum wage just to its 2009 level of purchasing power, we would have to raise it to almost $9.50 an hour.

        Even a $9.50 minimum wage would leave it far below its 1968 peak level in terms of purchasing power. If the minimum wage today had the same purchasing power as it did in 1968, it would be roughly $12 an hour. Just in case people don’t remember, the unemployment rate averaged less than 4.0 percent in 1968.

      • Starbucks Requests Last-Minute Delay in Union Vote Set for This Week
      • Lifting From the Bottom So Everyone Can Rise

        For months, the nation has witnessed a debate taking place in Congress over how much to invest in this plan. What hasn’t been discussed, however, is the cost of notinvesting (or not investing sufficiently) in health-care expansion, early childhood education, the care economy, paid sick leave, living-wage jobs, and the like. Similarly missing have been the voices of those affected, especially the 140 million poor and low-income people who have the most to lose if a bold bill is not passed. By now, the originally proposed 10-year, $3.5 trillion reconciliation bill, which a majority of Americans support, has been slowly chiseled down to half that size. For that you can largely thank two Democratic senators, West Virginia’s Joe Manchin and Arizona’s Kyrsten Sinema, unanimously backed by Donald Trump’s Republican Party, which would, of course, cut everything.

        Because of them, the “reconciliation” process to pass such a bill has become so crucial and politically charged, given that the same obstructionist Democrats have continued to uphold the Senate filibuster. All year, Manchin, Sinema, and the Republicans have blocked action on urgent issues ranging from climate change and immigration reform to living wages and voting rights. For example, after months of resistance to the For the People Act, a bill that protects and expands voting rights, Manchin forced the Democrats to put forward a watered-down Freedom To Vote Act with the promise that he would get it passed. In late October, though, he failed to win a single Republican vote for the bill and so the largest assault on voting rights since the post-Civil War Reconstruction era continues, state by state, unabated.

    • AstroTurf/Lobbying/Politics

      • Opinion | Neoliberal Democrats Are Killing Party’s Chances With Working-Class Voters

        Democrats have an electability problem in America’s industrial heartland that could flip the Senate red for a decade to come.

      • Cruz Proposes Texas Secession If Democrats Pass Voting Rights Reforms
      • The Anatomy of a Dog Whistle

        The governor’s race in Virginia provided a preview of coming attractions for the GOP’s 2022 strategy on race. That preview looks much like Nixon’s “Southern strategy” in 1968, with its primary theme of racial division.

      • The Corruption of the Political Class

        On the same day Chris Bryant, chairman of the Commons’ standards committee, said that what the Boris Johnson government was trying to do in overturning Paterson’s suspension was “a perversion of justice” and is “not what we do in this country – it’s what they do in Russia when a friend or a foe is suddenly under the cosh in the courts”.

        But perhaps the government’s botched attempt to save Paterson’s skin – despite detailed evidence of him lobbying hard for the two commercial companies paying him £9,000 a month – is, on the contrary, exactly the way we now do things in the UK. Bryant’s analogy with Russia – he might have mentioned Iraq or Turkey or a score of other countries – may not be too far off the mark. Lord Evans is demonstrably correct about the slippage into corruption and wrong only about how far this process has gone.

      • Trumpism Without Trump

        If anything, it was an empty right-wing culture war meme and a lie about exposing schoolchildren to make-believe horrors of history if they learn about racism and slavery and possibly encountering a kid of a different gender when going to a restroom. It’s right out of racist Donald Trump’s playbook.

        There are stalls in restrooms.

      • GOP Candidate Refuses to Concede Race for New Jersey Governor
      • If Biden Doesn’t Govern Like FDR, Democrats Are Doomed

        Democratic US Representative Abigail Spanberger, a Virginia centrist who swept into office on an anti–Donald Trump wave in 2018 and who now fears she might be swept out on an anti–Joe Biden wave in 2022, says Democrats are in trouble because President Biden has been too ambitious.

      • Absent Any Proof, Israel Designates Palestinian Rights Groups “Terrorist”
      • The Corruption Is In Congress: When Your New Bill Exempts The Biggest Employers In Your State, Perhaps There’s A Problem

        Karl wrote a bit about how the new antitrust bill from Amy Klobuchar and Tom Cotton pretends that the only industry that has competition issues is the internet industry — despite evidence suggesting other industries are much worse off — and briefly mentioned the fact that their bill conveniently excludes Walmart and Target. But the setup of the bill and those particular exclusions are so nefariously done, and so obviously corrupt, that they deserve a second post to call it out.

      • Congress Pushed to Pass Fix After Watchdog Finds 13 Ex-Officials Illegally Campaigned for Trump

        As federal investigators announced Tuesday that at least 13 senior Trump administration officials violated the Hatch Act—a key law restricting campaign activities by government employees—a leading ethics advocacy group responded by calling on Congress to pass the Protecting Our Democracy Act.

        “There are significant enforcement challenges to enforcing the Hatch Act. Legislation like the Protecting Our Democracy Act would fix that.”

      • The ‘manufactured cynicism’ infecting our politics

        A more responsible news outlet might have noted these huge accomplishments, and puzzled over why folks such as Mr. Macey consider this “a standstill.” It would also have identified the obvious source of Washington’s division: the modern GOP, whose animating principal as a minority party is militant obstructionism.

        Ah, but why confront the ignorance of your audience when you can amplify it instead?

      • Facebook credits automated improvements for finding violent content

        Facebook’s parent company said in a report released Tuesday that it had taken action on 13.6 million pieces of content that depicted or incited violence on the platform during the third quarter of the year.

        Meta, the newly rebranded company that includes Facebook, Instagram, WhatsApp and Oculus, took similar actions against more than 3 million instances of content on Instagram, the company said in its Community Standards Enforcement Report.

    • Misinformation/Disinformation

      • Satan, Not Travis Scott, Is to Blame for Astroworld Tragedy, TikTok Geniuses Declare

        On TikTok, where some videos have gained millions of views, typing “Astroworld” into the search bar generates “astroworld festival demonic” as one of the top suggestions. People have said the stage was shaped like an inverted cross leading to a portal to Hell, which they believe was represented by the arch-shaped set onstage. They also point to a shirt Scott wore at the show that depicts human figures walking through a door and emerging with what look like horns as further evidence that Scott was leading fans to hell and sacrificing people’s lives intentionally. A representative from TikTok said this content violates community guidelines and the company is working on taking action against it, “including within search suggestions.”

      • Jan. 6 Committee Issues 6 Subpoenas, Including to Michael Flynn, John Eastman
      • Opinion | No Time for Complacency—January 6 Was a Dress Rehearsal

        Location, location, location. For good or evil, history often is made in the confines of a hotel room or suite: whether the first meeting of the post-revolution Soviet government at Moscow’s Hotel National in 1918, or the drafting in 1922 of Ireland’s constitution at the lovely Shelbourne Hotel in Dublin. 

      • Jan. 6 Panel Subpoenas Flynn and Eastman, Scrutinizing Election Plot

        The subpoenas reflect an effort to go beyond the events of the Capitol [insurrection] and delve deeper into what committee investigators believe gave rise to it: a concerted campaign by Mr. Trump and his network of advisers to promote false claims of voter fraud as a way to keep him in power. One of the people summoned on Monday was John Eastman, a lawyer who drafted a memo laying out how Mr. Trump could use the vice president and Congress to try to invalidate the election results.

        In demanding records and testimony from the six Trump allies, the House panel is widening its scrutiny of the mob attack to encompass the former president’s attempt to enlist his own government, state legislators around the country and Congress in his push to overturn the election.

        Mr. Flynn discussed seizing voting machines and invoking certain national security emergency powers after the election. Mr. Eastman wrote a memo to Mr. Trump suggesting that Vice President Mike Pence could reject electors from certain states during Congress’s count of Electoral College votes to deny Joseph R. Biden Jr. a majority. And Bernard Kerik, the former New York police commissioner who was also subpoenaed, participated in a planning meeting at the Willard Hotel in Washington on Jan. 5 after backing baseless litigation and “Stop the Steal” efforts around the country to push the lie of a stolen election.

    • Censorship/Free Speech

    • Freedom of Information/Freedom of the Press

      • No End to the Washington Post’s War on Whistleblowers

        Fortunately, a former deputy director of the Central Intelligence Agency’s Office of Inspector General, Carolyn McGiffert Ekedahl, a former whistleblower herself who filed a sworn affidavit thirty years ago against the confirmation of Robert Gates as CIA director, wrote a letter to the Post defending whistleblowing.  Ekedahl, who is my wife, noted that institutions, even religious ones, become loyal to themselves rather than to the missions they proclaim.  Ekedahl asked,  “Are victims of abuse by priests ‘betraying’ the Catholic Church when they become whistleblowers? Are civil servants who disclose corruption in their departments guilty of ‘lack of loyalty’?”

        Investigative reporters of the Washington Post often have their exposes because of whistleblowers.  Watergate and Deep Throat is the enduring example.  In his excellent new book, “Midnight in Washington,” Rep. Adam Schiff (D-CA) documents the necessity of whistleblowers to the Congress, particularly the congressional intelligence committees.  As Schiff states, without whistleblowers the congress “would be almost completely reliant on the intelligence agencies to self report any problems.”

      • The High Price of Doing Journalism in El Salvador

        On Dec. 10, 1981, an American-trained unit of the Salvadoran army stormed into a remote village near the country’s border with Honduras. In the days that followed, the soldiers killed nearly 1,000 civilians, most of them women and children. Raymond Bonner, a ProPublica and Retro Report contributor who was then working for The New York Times, traveled with photographer Susan Meiselas through rebel-held territory to report on the massacre. Their story about the atrocities and a similar account by The Washington Post’s Alma Guillermoprieto were fiercely attacked by the Reagan administration, which viewed El Salvador’s military as an essential ally in the fight against the country’s leftist rebels. Administration officials insisted El Mozote had been the site of a firefight between the army and rebels. After the war finally ended in January 1992, investigators began to dig up the bodies. Of the more than 140 remains first exhumed, more than 95% were children; the average age was 6 years old. Many had been rounded up and locked in a convent, then killed in a fusillade of fire before the building was burned. The reporters had been right all along.

        Four decades after he filed his first story on El Mozote, Bonner returned to El Salvador and teamed up with Nelson Rauda, a reporter with the independent news outlet El Faro, to track the country’s faltering efforts to hold the perpetrators accountable. The key to that inquiry was a Salvadoran judge who heard testimony from victims, families and some of the military officers involved. Taken together, the evidence indicated that the El Mozote attack was part of a pattern set by El Salvador’s military and political leadership. Bonner and Rauda’s reporting is traced in a documentary that airs on Wednesday and was produced by the nonprofit news organization Retro Report and the PBS program FRONTLINE. (Check your local schedules for airtimes.) The following story, by Rauda, details the personal costs of doing this work in a country whose populist president has handcuffed the judiciary and publicly attacked journalists who challenge the official line.

      • Julian Assange’s Fiancée: U.K. Blocking Our Attempt to Marry While He Is Tortured in Belmarsh Prison

        Stella Moris, partner of WikiLeaks founder Julian Assange, says British authorities have so far blocked attempts for her and Assange to marry while he is being held in Belmarsh prison. Supporters have also raised concerns Assange has become suicidal. “They are killing him. If he dies, it is because they are killing him,” Moris says. “They are torturing him to death.”

      • Julian Assange’s Fiancée Stella Moris: WikiLeaks Helped Expose Climate Change Hypocrisy & War Crimes

        Britain’s High Court is expected to decide in the coming weeks whether to extradite WikiLeaks founder Julian Assange to the United States, where he faces up to 175 years in prison under espionage charges for publishing classified documents exposing U.S. war crimes. We get an update from Assange’s partner, Stella Moris, who is in Glasgow as part of her campaign to free Julian and to highlight how WikiLeaks has also revealed evidence of how corporations and states have undermined the goals of prior climate summits. Moris says WikiLeaks is an “extraordinary tool … to understand the relationships between the states and the fossil fuel companies, [and] how these interests are intertwined.”

    • Civil Rights/Policing

      • The Request of the Doe

        The old doe wanted to be witnessed in pain for eternity. Cut and bandaged and then cut up again. Fine, they said. We’ll see how you fare. They took her into the sterile room and covered her in dirt. They smothered her in praise. They pulled out her teeth and replaced them with all gold caps over steel rod implants. They propped her up on an ancestor’s grave and told her to be still as a stone.

        The stone wanted to be witnessed for eternity. Carved as it was. Like a great mysterious henge. But it was clear who placed her there. And that wasn’t enough. No one wants to see that which they already see every day in the mirror. Tricked out and suffering. Cut up for no one. Those teeth shone in the night for no one. When she bore them at the moon.

      • The Counter-Intuitivist

        Support independent cartooning: join Sparky’s List—and don’t forget to visit TT’s Emporium of Fun, featuring the new book and plush Sparky!

      • The Parental Right

        The conservatives are always aiming to go to the past, rather than the future. One would think this would make them support children but it’s actually the opposite. They want to go back to their own childhoods and they can only do this by controlling children.

        Another factor for the political Right, at least in America where fascism is heavily merged with distorted Christianity, is an ideology of white supremacy, as children lack sin. This ideology plays nicely into notions of racial superiority as even a drop of a certain ethnicity can be viewed as impure.

      • Dave Chappelle’s Comedy of Bitterness

        Dave Chappelle often describes stand-up comedy in liberatory terms. In his 2018 appearance on Comedians in Cars Getting Coffee, Jerry Seinfeld’s talk show on the craft of comedy, Chappelle cast stand-up as a vehicle for unbridled self-expression: “The guy on the stage, that’s the real guy. The guy that’s off the stage, he’s the one that lies to people, or doesn’t say what he actually thinks, and all this other shit, just so that guy can exist uninterrupted.” The stage, in this parable, authorizes a freedom that the world restricts.

      • Students Have Rights: Court Dumps Evidence After Cops Rely On A Month-Old Anonymous Tip To Search A Minor

        As courts seemingly have to remind school administrators (and their partners in unconstitutional crime, school police officers), students — even minors — still have constitutional rights. The First and Fourth Amendments are the most frequently violated, despite there being no lack of precedent upholding students’ rights.

      • New control system: Frontex ends pilot project on facial recognition at EU borders

        Until now, only asylum seekers and visa applicants had to hand over their biometric data before entering the EU. With an Entry/Exit System, this will be extended to all other travellers from third countries. Border controls will be significantly delayed from 2022. Entry apps and automatic „eGates“ should save this time again.

      • Uber, DoorDash and similar firms can’t defy the laws of capitalism after all

        As the firms have discovered, their businesses are less perpetual motion machines than real-world flywheels that inevitably lose energy to friction, says Jonathan Knee of Columbia Business School and author of a book entitled “The Platform Delusion”. The network effect in fact has proved much weaker than expected. Many users switch between Uber and Lyft. Drivers also flit between them, or to delivery apps, depending on which model offers the best pay. This bargaining power from both sides means the system does not become self-reinforcing after all.

        Technology, too, has turned out to be less beneficial than anticipated. Data collected by the firms help optimise their operations, but are not the decisive factor some had hoped for. Regulators keep pushing back. In London they have forced Uber to pay drivers minimum wages and pensions. In San Francisco they capped the fees DoorDash can charge restaurants for delivering their meals.

      • This Antiwork Subreddit is Watching the Great Resignation

        The sub features a library of antiwork texts, such as Bullshit Jobs by the late anarchist academic David Graeber, and even a soundtrack (including, of course, the labor movement anthem “9 to 5” by Dolly Parton). Their Frequently Asked Questions seem prepared for backlash: Why do you want to end work? Why “antiwork”? But without work society can’t function! In their cheeky response to “You guys are just lazy, right?” they replied, “Some of us are lazy, sure. What’s wrong with that?” Perhaps most urgent is the question: I hate my job, what should I do?

      • Buy Nothing Day – November 26, 2021

        Originating in Canada in the early ’90s, National Buy Nothing Day occurs on the day after Thanksgiving each year in the U.S, on November 26 this year. In an effort to combat the unethical and sometimes even dangerous mob shopping behaviors of Black Friday, artist Ted Dave established this anti-consumerism holiday in 1992. The idea is to counteract the madness of holiday shopping by encouraging a mindful and environmentally friendly attitude toward post-feast purchasing. We’ve been looking for an excuse not to hit the mall so early on Thanksgiving weekend, and here it is!

      • Celebrate Buy Nothing Day on November 26th!

        Celebrate Buy Nothing Day on November 26th!

      • Buy Nothing Day on November 26, 2021

        Overconsumption leads us to using up too many resources. As a result, there are less available for those who need it.

        There’s also the environmental cost of businesses continuously producing these items to satisfy our overconsumption. More greenhouse gas emissions being produced by having to manufacture and ship new items.

        The less we consume, the less resources get used up, and the less greenhouse gas emissions damaging the Earth. Take a stand this year for the sake of our planet, and the sake of your own personal happiness.

      • Buy Nothing Day: Less is More

        Consumption is doing havoc on the environment. As the demand for products grows, so does the necessity to produce those goods. More pollutant emissions, higher land use and deforestation, and hastened climate change occur as a result of this. Buy Nothing Day is a 24-hour protest in which participants commit not to purchase anything in order to raise awareness of the harmful environmental, social, and political repercussions of excessive consumption. Every year on Buy Nothing Day, a message is sent out in support of less consumerism and increased environmental awareness. People that cut back on their consumption not only help the environment, but they also get to enjoy things more fully.

        Whatever day you pick to commemorate Buy Nothing Day, the goal is to raise awareness about the issue of excessive consumption. Whether or not this is a subject that you are passionate about, you can certainly look into it and contribute to a better understanding of it. You can express your support for the day in a variety of ways like: [...]

      • Schools Welcome Homeland Security Surveillance of Students
      • Schools welcome students’ Homeland Security monitoring.
    • Monopolies

      • Klobuchar, Cotton Competition Bill Latest To Pretend ‘Big Tech’ Is The Only Industry With Problems

        So we’ve noted a few times that the recent Congressional fixation on “big tech monopolies” is weirdly myopic. As in, the United States is absolutely jam-packed with heavily monopolized sectors including banking, telecom, energy, and air travel that simply aren’t seeing anywhere near the same level of hyperventilation. While it’s true that giants like Facebook, Google, and Amazon are engaged in dodgy behavior at unprecedented scale, most of the “solutions” bandied about so far are oddly selective, sometimes harmful, and routinely performative.

      • Patents

        • Moderna Slammed for ‘Cheating US Taxpayers’ in Covid-19 Vaccine Patent Dispute

          Moderna came under fire Tuesday in response to New York Times reporting about an ongoing dispute with a federal agency over whether government scientists should be credited as co-inventors of a key component of the U.S. company’s Covid-19 vaccine.

          Dr. Céline Gounder, an infectious diseases specialist at the New York University School of Medicine and Bellevue Hospital Center, tweeted that it is “amazing” Moderna “has the gall to claim it’s the sole inventor” given contributions from scientists at the National Institutes of Health (NIH).

        • Global Jurists Say International Law ‘Requires’ Rich Nations to Stop Blocking Patent Waiver

          A legal opinion published Monday by the International Commission of Jurists argues that the rich countries currently stonewalling a proposed patent waiver for Covid-19 vaccines are violating their “obligations to realize the rights to health, equality, life, and science.”

          “International law requires that States stop impeding the TRIPS waiver.”

      • Copyrights

        • US Court Orders 21 Pirate Site Operators to Pay $1 Million Each in Damages

          Media giant ABS-CBN has won a lawsuit against 21 pirate site operators. A district court in Florida granted a default judgment that orders the operators to each pay $1 million in damages. The domains in question, one of which used to be linked to a British MP, are mostly smaller streaming portals that offer access to ‘Pinoy’ content in the US and abroad.

        • Mangabank “Suffers DDoS Attack” & Disappears Following Legal Action

          Manga indexing site Mangabank and several linked storage platforms were recently targeted in a US court by Japanese publisher Shueisha. With around 80 million visits per month, Mangabank was a huge player in the piracy ecosystem but has now disappeared. While it’s likely the legal action played a part, the site has also been dealing with a huge DDoS attack.

        • CC Community Spotlight Series: Meet Tyler Green

          This #GivingTuesday — Tuesday, November 30th, Creative Commons invites you to join our 20th Anniversary celebration. In the weeks leading up to #GivingTuesday, we’ll be spotlighting leaders in the Open Movement and encouraging you to support our Better Sharing, Brighter Future campaign.


Links 10/11/2021: KDE Plasma 5.23.3 and Ncurses 6.3

Posted in News Roundup at 7:36 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Exclusive: IGEL’s Linux OS Pact With HP Is A ‘Secure End Point Game-Changer’

        IGEL has inked a blockbuster pact with $57 billion PC behemoth HP Inc. that in one fell swoop puts IGEL’s secure endpoint Linux operating system into the hands of tens of thousands of HP resellers worldwide.

        HP is now preinstalling the IGEL OS on its top-selling thin client devices, with an eye towards moving it to HP’s mobile thin clients in the future, said IGEL.

        IGEL said the pact means HP partners can now get the IGEL OS through HP distributors around the world as an HP SKU on HP t430, t540 and t640 thin clients.

        “This marries the best Linux software for cloud workspaces with the industry’s leading hardware,” said IGEL CEO Jed Ayres in an exclusive interview with CRN. “This is a defining moment in our quest to be the standard operating system for cloud-delivered desktops with our secure Linux-based IGEL OS. This is recognition that we are first and foremost a software company that is setting the pace for what is a once-in-a-generation architectural change as the industry moves to cloud workspaces.”

    • Server

      • CIS-Harden your Ubuntu in Google Cloud | Ubuntu

        CIS Benchmarks are best practices for the secure configuration of a target system. The Center for Internet Security, Inc. (CIS®) is the authority backing CIS Benchmarks. Ubuntu Pro is entitled to be CIS compliant and packaged with CIS toolings from Canonical.

      • InAccel: Benefit from Enterprise FPGA acceleration on Kubernetes using SUSE Rancher
      • SUSE Rancher and Dell Container Storage Modules (CSM) | SUSE Communities

        Extend enterprise storage capabilities to SUSE Rancher, RKE2, RKE and K3S Kubernetes for cloud-native stateful applications with Dell Container Storage Modules (CSM). Dell CSMs enable simple and consistent integration and automation experiences. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization and, resiliency. The CSI Drivers by Dell EMC implement an interface between CSI (CSI spec v1.3) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays (Dell PowerStore, PowerScale, PowerFlex, PowerMax and Unity). It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system.

      • Kubernetes Community Elects Four Members to Its Steering Committee

        The Cloud Native Computing Foundation’s Kubernetes project announced the election of four members to the Kubernetes Steering Committee which oversees the governance of the Kubernetes project. The announcement was made in a blog by Kaslin Fields, a CNCF ambassador and a developer advocate at Google.

        Kubernetes is considered to be the de facto standard for managing containers, and is widely used in enterprise cloud native infrastructures.

      • Non-root Containers And Devices

        The user/group ID related security settings in Pod’s securityContext trigger a problem when users want to deploy containers that use accelerator devices (via Kubernetes Device Plugins) on Linux. In this blog post I talk about the problem and describe the work done so far to address it. It’s not meant to be a long story about getting the k/k issue fixed.

        Instead, this post aims to raise awareness of the issue and to highlight important device use-cases too. This is needed as Kubernetes works on new related features such as support for user namespaces.

    • Audiocasts/Shows

      • Kubuntu 21.10 Quick overview #Shorts – Invidious

        A Quick overview of Kubuntu 21.10

      • Xmonad Needs Your Support – Invidious

        Xmonad recently had its biggest release in years! And with the big release, the Xmonad team have put all a call to the community asking for your help. They are asking for artwork contributions via a logo contest (with a cash prize for the winner), and they are asking for GitHub sponsorships to help fund future development.

      • PopOS Working On A New Rust Desktop Environment!! – Invidious

        Until now PopOS has been using Gnome as their desktop environment with heavy modifications but that may change at some point in the future as they’re reportedly working on a new DE written in Rust

      • Enterprise Linux Security Episode 7 – ELevate – Invidious

        Remaining on legacy Linux distributions can lead to additional security risks as time goes on, and migrating to a newer and better supported distribution can be a very difficult endeavor for most administrators. In this episode, Jay and Joao are joined by Jack from AlmaLinux, and we talk about ELevate – a tool that can be used to migrate from a distribution in the Enterprise Linux family to another Enterprise Linux distribution.

    • Kernel Space

      • Xen With Linux 5.16 Will Allow For Faster Booting Of Guests – Phoronix

        Xen para-virtualized guests booting on the Linux 5.16 kernel should see noticeably quicker boot times.

        Sent out today were the Xen patches for Linux 5.16. Besides having some code lcean-ups, para-virtualized interrupt masking made simpler, Xen “pciback” driver support for Arm, and other smaller enhancements, there is also work to speed-up guest booting. In particular, the booting up of Xen PV (para-virtualized) guests should be much quicker with Linux 5.16 and beyond.

      • More Of Intel’s CXL Enablement Code Arrives For Linux 5.16 – Phoronix

        Intel’s open-source Linux engineers continue to be quite busy bringing up CXL interconnect support within the mainline kernel. For the in-development Linux 5.16 is another batch of code landing.

      • Linux kernel 5.10.78 compiled

        Ha ha, that was a short-lived release! EasyOS version 3.1.9 was announced yesterday, and pulled down after being online only a few hours:


        The issue was awful behaviour of Firefox on my Acer Aspire 1 laptop. Perhaps it is a GPU-related problem.
        I have decided not to try and jump over two big puddles. Instead, will jump over just one big puddle, which is the move to pulseaudio. This is bound to have issues. The addition of an extra browser, Firefox or Chrome, in the build, can wait until later.

      • Linux 5.16 Has Early Preparations For Supporting FGKASLR – Phoronix

        Being worked on for more than a year by Intel and other kernel developers has been FGKASLR to enhance kernel security. While the Linux kernel has long supported Address Space Layout Randomization (ASLR) to make memory addresses less predictable, FGKASLR ups the security much more by placing that randomization at the function level. It’s looking like FGKASLR could be mainlined soon.

        FGKASLR isn’t being picked up for Linux 5.16 but there is preparation work landing in this kernel so hopefully the feature isn’t too far out. Finer Grained Kernel Address Space Layout Randomization (or sometimes referred to as Function Granular KASLR) allows for function reordering on top of the base address randomization of ASLR.

        FGKASLR ups the security against kernel attacks requiring known memory locations within the kernel but can cause minor (~1%) performance penalties. Since being first announced in 2020, FGKASLR has been undergoing several rounds of review.

      • Linux 5.16 to bring mainline support to Raspberry Pi 4 Compute Module – and the nifty devices built around it

        While folks straddling the worlds of both Windows and Linux will appreciate the shiny NTFS support in version 5.15 of the open-source kernel, Arm device users may find more to appreciate in the following release.

        Linux kernel 5.16 will include mainline support for the Raspberry Pi 4 Compute Module, as well as the Apple M1 chip’s PCI Express controller as Linux inches its way towards a full Linux desktop on M1 Macs.

        This means it should be possible to run a mainline 5.16 kernel on a Raspberry Pi 4 Compute Module without any extra build steps or patches.

        The Raspberry Pi 4 Compute Module is targeted more at system integrators than end-users. Even tinier than the credit-card sized Pi 4, the Compute Modules are designed to plug into larger IO boards, enabling the Pi to power specialist gadgets. The Raspberry Pi Foundation naturally offers one of these boards, and third parties are free to design and flog their own.

      • AMD

        • AMD EPYC 7003 Series Performance Across Autumn 2021 Linux Distributions

          These five Linux distributions were benchmarked on the same EPYC server comprised of two AMD EPYC 75F3 processors for a combined 64 cores / 128 threads, an ASRockRack ROME2D16-2T motherboard, 16 x 8GB DDR4-3200 memory, and a 1TB WD_BLACK SN850 NVMe solid-state drive.

          The five Linux distributions under test was Alma Linux 8.4 (RHEL 8.4 alternative), CentOS Stream for tracking the latest upstream work ahead of RHEL 9, Clear Linux 35150 for Intel’s latest optimized Linux distribution, Fedora Server 35, and then Ubuntu 21.10. Each of the five Linux distributions were cleanly installed on this server and benchmarking them in their out-of-the-box / default configuration for seeing how these latest Linux distributions compete on the current-generation AMD server platform.

    • Nvidia

    • Applications

      • LXD 4.20 Containers Released, Provides Ability for Live Migration

        LXD 4.20 users will be happy to see in this release the initial implementation of live migration and core scheduling support.

        LXD is a next generation system container manager. The simplest way to define LXD is to say it’s an extension of LXC.

        Technically LXD is a REST API that connects to libxlc, the LXC software library. As you know, LXC, short for “Linux containers”, is a solution for virtualizing software at the operating system level within the Linux kernel.

    • Instructionals/Technical

      • Linux Mint’s Sticky Note App Looks Great Now! Here’s how to get it in Ubuntu | UbuntuHandbook

        For those looking for Google Keep or Windows Sticky Notes style desktop noting app, Linux Mint’s “sticky” is a good choice for Ubuntu Linux.

        Linux Mint maintains some great apps. Sticky is one of them that sticks an electronic version of Post-it Note on your desktop. It’s GTK3 app written in Python3 and works on most desktop environments.

        With it, you may create as many notes as possible on desktop. And, it allows to set different color palette for each note: Blue, Green, Magenta, Orange, Purple, Red, Teal, and Yellow.

      • Getting Started with Docker: Portainer CE – LinuxLinks

        There are some great tools that make Docker easier to use.

        One of our favourites is Portainer. It’s a lightweight and easy to use management UI that lets us easily manage our different Docker environments. Its simple graphical interface is accessed with a web browser. The community edition is free and open source software. Portainer works with Docker, Docker Swarm and Kubernetes. It can be deployed in the cloud on prem or at the edge.

        Portainer supports a wide range of features for managing the Docker containers, such as managing the creation and deletion of Swarm services, user authentication, authorizations, connecting, executing commands in the console of running containers, and viewing containers’ logs.

        Portainer consists of a single container that can run on any cluster.

      • exa: A Modern Replacement for the ls Command

        I bet you have used the ls command in Linux. It’s one of the first command you use while learning Linux commands.

        The simple ls command is quite handy for listing directory content. I never really though any command could replace it until I discovered exa.

      • How To Install KeePass on Linux Mint 20 – idroot

        In this tutorial, we will show you how to install KeePass on Linux Mint 20. For those of you who didn’t know, KeePass is an open-source cross-platform password manager filled with multiple amazing features. It lets you save as many passwords as you wish hence freeing you from the hassle of memorizing and recalling your passwords every time you wish to access an account. If you are using LastPass, Bitwarden, AnyPAssword, and many others, then importing passwords from them is also possible in KeePass. The KeePass password manager can also be used very efficiently with the Windows, macOS, iOS, or even Android operating systems.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of a KeePass password manager on a Linux Mint 20 (Ulyana).

      • How to install VMware Workstation on Ubuntu 20.04 – Unixcop the Unix / Linux the admins deams

        VMware Workstation Pro (known as VMware Workstation until release of VMware Workstation 12 in 2015) is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.

        It enables users to set up virtual machines (VMs) on a single physical machine and use them simultaneously along with the host machine. Each virtual machine can execute its own operating system.

        In this tutorial, we will illustrate how to install VMware Workstation on Ubuntu systems.

      • Linux Essentials – nano (command-line text editor) – Invidious

        When you’re working with Linux servers, you may or may not always have access to a GUI, which is why it’s important to learn at least one command-line text editor. In this video, we’ll explore the core fundamentals of nano. nano is a text editor that’s among the easiest to learn.

      • Sequence – making PatternDB creation for syslog-ng easier – Blog – syslog-ng Community – syslog-ng Community

        We are well into the 21st century, but most of the log messages still arrive in an unstructured format. For well over a decade, syslog-ng had a solution to turn unstructured messages into name-value pairs, called PatternDB. However, creating a pattern database for PatternDB from scratch is a source of major pain. Or rather, it was: sequence-rtg – a fork of the sequence log analyzer – provides a new hope! It can easily create ready-to-use patterns for your most frequent log messages.

        Sequence-rtg is still in beta phase, and therefore is a bit rough around the edges. However, once you deal with the initial struggles of creating the database, it works just fine. Especially if you have lots of log messages. My experience was that the more log messages and larger batch sizes I had, the better quality patterns were generated.

    • Games

      • Pokemon Time Capsule | Hackaday

        The precious Pokemon we spent hours capturing in the early nineties remain trapped, not just by pokeballs, but within a cartridge ravaged by time. Generally, Pokemon games before the GameBoy Advance era had SRAM and a small coin cell to save state as NVRAM (Non-volatile random access memory) was more expensive. These coin cells last 10-15 years, and many of the Pokemon games came out 20 years ago. [9943246367] decided to ditch the battery and swap the SRAM for a proper NVRAM on a Pokemon Yellow cartridge, 23 years later.

    • Desktop Environments/WMs

      • Felt Qt (might delete later)*: Two non-Gtk Linux desktops have put out new versions

        There are loads of Linux desktops to choose from, but the majority use some version of GNOME’s Gtk. Only a handful favour the Qt toolkit, and two of them just released new versions.

        Release 14.0.11 of the Trinity Desktop Environment (TDE) just appeared. TDE was forked from KDE 3 by a team who didn’t care for KDE 4′s focus on widgets.

        They may have had a point; Linux supremo Linus Torvalds was sceptical about them as well.

        KDE adopted widgets when they were trendy, soon after Windows Vista, but Microsoft dumped them again after Windows 7. TDE is admittedly one of the more niche options, but it’s good to see signs of life.

      • K Desktop Environment/KDE SC/Qt

        • KDE Plasma 5.23.3 Further Improves the Wayland Session, Ports Plasma 5.24’s Focus Ring Feature

          Coming two weeks after KDE Plasma 5.23.2, the KDE Plasma 5.23.3 point release is here to further improve the Plasma Wayland session by making the Mozilla Firefox web browser more responsive to files that are being dragged and dropped, fix the panel’s auto-hide animation, address a Plasma crash that occurred when turning an external display off and back on again, as well as to fix a Plasma hang that occurred when hovering the Digital Clock applet to view the tooltip.

        • KDE Plasma 5.23.3, Bugfix Release for November

          Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.23.3.

          Plasma 5.23 was released in October 2021 with many feature refinements and new modules to complete the desktop experience.

          This release adds two weeks’ worth of new translations and fixes from KDE’s contributors. The bugfixes are typically small but important and include…

        • Fixing Adaptive Transparency PART 2/2: THE FIX – Kockatoo Tube
        • OpenUK Awards 2021, COP26 and KDE – Jonathan Esk-Riddell’s Diary

          The OpenUk awards reconise and celebrate the best in open tech in the UK over the last year. We have a bunch of awards this year and the shortlists are up. I’ve clerked the judges into tracking down the gossip on all the shortlisted nominees and we do have final winners which will be announced at the ceremony on Thursday evening.

          The ceremony is at COP26 in Glasgow, Scotland. This is the UN conference to try to get international agreement on mitigating the worst affects of the climate crisis. We’ll be one of the last events there.

          I’ll be making announcement about KDE’s sustainability effort in front of the politicians and tech audience which I’m very excited about.

          You can sign up to watch the day event on sustainability in tech. The evening award ceremony will have its video published shortly after the event.

    • Distributions

      • IBM/Red Hat/Fedora

        • Red Hat collaborates with NVIDIA to deliver record-breaking STAC-A2 Market Risk benchmark

          We are happy to announce a record-breaking performance with NVIDIA in the STAC-A2 benchmark, affirming Red Hat OpenShift’s ability to run compute heavy, high performance workloads. The Securities Technology Analysis Center (STAC®) facilitates a large group of financial firms and technology vendors that produces benchmark standards which enable high-value technology research and testing software for multiple financial applications.

          Red Hat and NVIDIA collaborated to create this latest STAC-A2 entrant, and STAC performed an independent, third-party audit. These are the first public STAC-A2 results using Red Hat OpenShift. Compared to all other publicly reported results to-date, this solution based on Red Hat OpenShift and NVIDIA DGX A100 set several new records for performance metrics and energy efficiency…

        • Improving the performance and space efficiency of SELinux

          Performance is important when it comes to security features such as SELinux. While the performance impact of typical workloads has been long known to be small for most workloads (see for example the SELinux benchmarks of Fedora 31 by Phoronix), certain specific operations are slower than they could be.

          In addition, there are also memory and disk space usage issues, which can lead to unnecessarily large virtual machine images or minimum memory requirements.

          In this post, I will present some of these gaps that I found and fixed upstream. Together, these improvements:

        • Biometric authentication with WebAuthn and SSO

          Providing users with secure, convenient authentication that doesn’t rely solely on passwords is a challenge for many application developers and administrators. Passwords can be compromised through leaks, or cracked by malicious intruders, and strong passwords may be too complex for users to remember.

          WebAuthn support in version 7.5 of Red Hat’s single sign-on technology (SSO) makes it possible to use biometric data for user authentication. With WebAuthn, users can authenticate using a fingerprint scanner or face recognition, features available in most modern smartphones and laptops.

          This article shows you how to configure Red Hat’s SSO to use WebAuthn for biometric user authentication. Our example is based on a JavaScript application built using the React framework, along with the Google WebAuthn emulator.

        • Automating JDK Flight Recorder in containers

          This article is part of a series of hands-on guides to using Cryostat 2.0, or JDK Flight Recorder for containers. This article introduces Cryostat’s new API for automated rules. We’ll walk through two use cases highlighting the API’s compact but powerful rule definitions. You’ll see how to use rule definitions to specify a match expression for one or more target Java applications, and how to configure the type of flight recording you want to start on these targets.

          Once you’ve created a rule, Cryostat immediately matches it against all existing discovered targets and starts your flight recording. Cryostat will also apply the rule to newly discovered targets that match its definition. You can create multiple rules to match different subsets of targets or to layer different recording options for your needs.

          The automated rules API is brand new in Cryostat 2.0, and we haven’t yet developed the user interface (UI) for it. For now, we’ll use curl to interact with the Cryostat HTTP API directly.

        • 4 realities IT leaders should know about remote developers now

          The pandemic brought a lot of change in the way teams interact with each other. Along with many workers being forced into home office setups came new challenges – with communication, remote workstation access, and cybersecurity (now of heightened importance). Hopefully, by now your organization has figured out a way to support remote work. But this isn’t temporary; a more distributed and remote-capable workforce is where things are headed.

          As IT leaders think about remote and hybrid models of work for teams, and adopt tools for virtual meetings and file sharing, it’s vital to consider the individual needs of a valuable team role – the developer. Here are a four factors to consider:

        • 3 essential soft skills IT pros need

          IT continues to be one of the fastest-growing employment sectors. However, as remote work environments become increasingly common and technology becomes further intertwined with other business functions, the role of the IT professional is evolving.

          As today’s IT professionals engage with more colleagues throughout the business, their skills must extend well beyond technical expertise. Over 40 percent of respondents to a recent study by West Monroe admitted encountering IT professionals who struggle with collaboration, hampering productivity. As a result, hiring managers are looking for IT prospects with comprehensive soft skills to add greater value to their business.

        • What is a technical marketing manager?

          First off, from one organization to the next, there will be different names for these roles and different alignments of responsibilities. Red Hat is a unique company with a unique culture, so this may not represent how technical marketing works in your organization.

          My work revolves around three roles: product marketer (PMM), technical marketing manager (TMM), and product manager (PM).

          Product managers work as a lead for their product or feature. They help write features with engineering, cast vision for their roadmap, and work with marketing to build a story that ties the market problem together with the component designed to fix it.

          Product marketers help define the message: Why would an organization care about the feature we are building? What business problems do we need to address? I’ll leave a more in-depth overview of these roles to others, but in short, that is their purview.

      • Debian Family

        • Raspberry Pi OS: Now running on Debian ‘bullseye’ Linux

          Debian 11, dubbed ‘bullseye’ and the successor to ‘buster’, arrived in August and now the makers of the Raspberry Pi have finally updated Raspberry Pi (RPi) OS to this version.

          The move to Debian 11 for Raspberry Pi OS took a little longer than expected and doesn’t bring a huge amount of changes from the Debian side. However, there are several changes that come from the RPi side.

        • Raspberry Pi OS hits the bullseye

          The latest Raspberry Pi OS release switches to Debian 11 “bullseye” and offers the GTK+3 UI toolkit and the “mutter” window manager, which requires 2GB RAM. Meanwhile, the upcoming Linux 5.16 will include mainline support for the RPi CM4.

          Raspberry Pi announced the release of a new version of Raspberry Pi OS (formerly Raspbian), which advances to the Debian 11 “bullseye” release. Debian 11.0 was released in August as a major upgrade from the two-year old Debian buster.

        • Debian 11 Based Raspberry Pi OS 2021-10-30 Update Available to Download – itsfoss.net

          Debian 11 Based Raspberry Pi OS 2021-10-30 Update Available to Download, Raspberry Pi OS is a Debian-based distribution custom-built for Raspberry Pi computers. The development team have published a new version of Raspberry Pi OS which carries the code name “Bullseye”.

          The new version is based on Debian 11 and upgrades a number of desktop components. “All of the desktop components and applications are now using version 3 of the GTK+ user interface toolkit. GTK+ is a layer of software that applications can use to draw standard user interface components (known as ‘widgets’) such as buttons, menus and the like, so that all applications have a consistent look and feel. Up until now, most of the desktop has used version 2 of the GTK+ toolkit, but increasing numbers of Debian applications are using GTK+3, so to try and keep things consistent, we’ve upgraded all our software and the desktop itself to the newer version. GTK+3 has been around for several years now, and people have occasionally asked why we didn’t move to it before now. The simple answer is that many things are much easier to do with GTK+2 than with GTK+3, particularly when it comes to customising the appearance of widgets – GTK+3 has removed several useful features which we relied upon. It has ended up being necessary to find work-arounds to a lot of these – hopefully no one will notice them and everything will still work as before!” Additional details can be found in the project’s release announcement.

        • Bullseye – the new version of Raspberry Pi OS

          Every two years, Debian Linux, on which Raspberry Pi OS is based, gets a major version upgrade. Debian ‘buster’ has been the basis of Raspberry Pi OS since its release in 2019, and Debian ‘bullseye’ was released in August. (As some of you may know, Debian name their versions after characters in Disney/Pixar’s Toy Story films – Bullseye was Woody’s horse in Toy Story 2.)

      • Canonical/Ubuntu Family

        • Developers can now launch Linux instances on Apple M1 | TechRadar

          Canonical, the power behind the development of Ubuntu, has launched the latest version of Multipass that will now let M1 Macbook users run Ubuntu virtual machines (VMs), with minimal fuss.

          Multipass is a lightweight VM manager for Linux, Windows and macOS, which helps developers spin up a fresh Linux environment with a single command.

          According to Canonical, with the support for M1 MacBooks, Multipass will help get developers running Linux faster than any other option on the market.

        • Canonical Transforms Linux on Mac

          On the heels of Apple’s announcement of a new line of game-changing M1 MacBooks, Canonical is bringing fast and easy Linux to the M1 platform. Multipass, the quickest way to run Linux cross-platform, received an update last week allowing M1 users to run Ubuntu VMs with minimal set-up. Multipass can download and launch a virtual machine image with one command, and developers on M1 can now get running on Linux in as little as 20 seconds.

        • Ubuntu’s publisher brings Linux support to M1 Macs with ‘Multipass’

          Canonical, Ubuntu’s publisher, announced today “the quickest way” to run Linux cross-platforms on M1 Macs. With Multipass, users can launch a virtual machine image with one command and have Linux running on an M1 Mac in as little as 20 seconds.

          Although Canonical claims to be the first platform to transform the M1 Mac on a Linux computer, the folks over at Linux Kernel have been improving its platform monthly to offer the best experience possible on the Mac. Last month, the creators of the project said Linux is now “usable as a basic desktop.”

        • Apple Silicon version of Canonical’s Multipass is here • The Register
        • Going Ubuntu on an M1 Mac with Multipass: Thanks VM, it’s Linux on the desktop

          An Apple Silicon version of Canonical’s Multipass has arrived, adding another way of firing up Linux on an M1-powered Mac.

          Although getting a full desktop on an M1 Mac is tricky at present (although not too far off) firing up a virtual machine on the platform allows developers to code against the operating system from the comfort of their new gizmos.

          We first looked at Multipass in 2019, and found it a handy tool in Windows 10 for when a full-fat Hyper-V session was overkill and Windows System for Linux failed to cut the mustard. While the evolution of WSL into a lightweight VM-based Linux platform might have somewhat cut the need for Multipass on Windows, the arrival of the M1 chip has opened up another front. Hence Multipass on the M1 Mac.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • 20 Open-source Low-code platforms for 2021/ 2022

        Low-code is a software development trending topic, in summary, it is an approach that speeds up the software products cycle with minimal hand-coding as it automates the repeated process and code.

        Some may argue that Low-code developments platforms aim to help non-professional or citizen developers to build apps quickly; however, many enterprises are using Low-code because of its productivity.

        Low-code development is a RAD “Rapid Application Development” approach, but with more organized was, as it streamlines the software production and automates all steps.

      • Restyaboard: Open-source self-hosted project management system for teams

        If you are an avid user of Trello, then likely, you searched for an open-source alternative. Trello is a feature-rich web-based project management system for teams.

        Although it is free to use, it is not open-source or even self-hosted.

        Here, we offer you an alternative, that matches almost all Trello features and more, Restyaboard.

      • Grocy: An Open-source ERP for Grocery stores

        We often see general-purpose open-source ERP solutions, but on a rare occasion, we witness a customized specific one like Grocy.

      • Web Browsers

        • Top 9 lightweight web browsers for Linux

          Open source web browsers have come a long way since the introduction of Firefox, Chrome, and Chromium. Current web browsers are advanced to manage graphics, videos, apps, and many more. However, this makes web browsers consume a lot of hardware resources like RAM and storage space. On the other hand, mainstream browsers like Firefox and Chromium work quite well on systems with modern hardware resources.

          However, Linux operating systems running on old PC or laptops require light browsers to work fast and seamlessly. That is one of the reasons why most of the Linux OS like Ubuntu, Fedora, Centos, Linux Mint come with Firefox Mozilla as the default browser. However, Firefox might still not be as lightweight as we would like.

        • Mozilla

          • Tor Browser 11.0 Comes Based on Firefox ESR 91

            Tor Browser 11 is now the new stable version available to all those Internet users who seek to avoid, that their web communications are easy to track.

            Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

          • Audio fix at bootup

            EasyOS runs fine, except as I reported yesterday, Firefox behaves very badly, with window going blank, freezing, hanging the entire desktop. So, for now, have built Easy, with only SeaMonkey. Now, about that sound problem…

          • Firefox: the first major browser to be available in the Windows Store [Ed: Mozilla associates Firefox with the monopoly of Microsoft… and that DRM store. I think they do a fine job tarnishing what’s left of the brand.]

            As of today, Firefox desktop is the first major browser to become available in the Windows Store for Windows 10 and Windows 11 users. Previously, if you were on Windows and wanted to use Firefox, you had to download it from the internet and go through a clunky process from Microsoft. Now that Microsoft has changed its Store policies, choosing Firefox as your desktop browser is even more seamless – and it comes with all the latest Firefox features.

      • SaaS/Back End/Databases

        • Pgpool-II 4.3 beta1 is now released.

          Pgpool Global Development Group is pleased to announce the availability of Pgpool-II 4.3 beta1. This is not intended to be used in production but is close to the release version. So users are encouraged to test it out.

      • FSF

        • Join us for the International Day Against DRM (IDAD) 2021 community planning meeting

          Each year, the Free Software Foundation (FSF) stages the International Day Against DRM (IDAD), and this year, we want to work with the community more closely than ever before and bridge the gap between anti-DRM activists, those involved with the software freedom movement, and everyday individuals. Together, we’ll stand up against DRM on December 10th.

          As one of the most memorable parts of last year’s Day Against DRM was our informal advocacy strategy session held over BigBlueButton, we want to begin our public planning of the event with a similar meeting. We’re inviting you to collaborate with us in the preparation for this year’s IDAD, sharing suggestions and anti-DRM activism methods, as well as organizing online satellite events.

        • Faulty DRM breaks dozens of games on Intel’s Alder Lake CPUs

          Longtime Ars readers probably remember some of the many cases in which overly onerous DRM prevented game owners from playing their legitimate purchases. We’re seeing that situation play out again today, this time thanks to how some DRM systems interact with the unique features of Intel’s 12th-generation “Alder Lake” CPUs.

          Intel’s Alder Lake big.little CPU design, tested: It’s a barn burner
          We’ve already covered how Alder Lake’s hybrid “big.little” design splits the CPU’s workload into high-powered “performance” (P) cores and low-powered “efficiency” (E) cores. But after hinting at the potential issue in a developer FAQ last month, Intel is now confirming that some games contain DRM that Intel says “may incorrectly recognize 12th Generation Intel Core Processors efficient-cores (E-cores) as another system.” That issue can lead to games that “may crash during launch or gameplay or unexpectedly shut down,” Intel says.

          PC Mag’s Chris Stobing explained that the issue arises from the DRM middleware treating the two different types of cores as two distinct systems. “Once it detects that some portion of the load has been split between the P- and E-cores, it sees the new cores as a new license holder (a separate system) and force-quits the game to prevent what it believes is two PCs trying to play one game on the same key,” he said.

        • GNU Projects

          • ncurses 6.3
             Announcing ncurses 6.3
               The  ncurses  (new  curses)  library  is  a free software emulation of
               curses  in  System  V  Release  4.0 (SVr4), and more. It uses terminfo
               format,  supports  pads  and  color  and multiple highlights and forms
               characters and function-key mapping, and has all the other SVr4-curses
               enhancements  over  BSD curses. SVr4 curses became the basis of X/Open
               In  mid-June  1995,  the  maintainer of 4.4BSD curses declared that he
               considered  4.4BSD curses obsolete, and encouraged the keepers of unix
               releases such as BSD/OS, FreeBSD and NetBSD to switch over to ncurses.
               Since 1995, ncurses has been ported to many systems:
                 * It is used in almost every system based on the Linux kernel (aside
                   from some embedded applications).
                 * It  is  used  as the system curses library on OpenBSD, FreeBSD and
                 * It  is used in environments such as Cygwin and MinGW. The first of
                   these was EMX on OS/2 Warp.
                 * It is used (though usually not as the system curses) on all of the
                   vendor  unix  systems,  e.g.,  AIX,  HP-UX,  IRIX64, SCO, Solaris,
                 * It should work readily on any ANSI/POSIX-conforming unix.
               The distribution includes the library and support utilities, including
                 * captoinfo, a termcap conversion tool
                 * clear, utility for clearing the screen
                 * infocmp, the terminfo decompiler
                 * tabs, set tabs on a terminal
                 * tic, the terminfo compiler
                 * toe, list (table of) terminfo entries
                 * tput,  utility  for  retrieving  terminal  capabilities  in  shell
                 * tset, to initialize the terminal
               Full manual pages are provided for the library and tools.
               The ncurses distribution is available at ncurses' homepage:
                 ftp://ftp.invisible-island.net/ncurses/ or
                 https://invisible-mirror.net/archives/ncurses/ .
               It is also available via anonymous FTP at the GNU distribution site
                 ftp://ftp.gnu.org/gnu/ncurses/ .
          • Ncurses 6.3 Released With Experimental Windows Terminal Driver

            A new version of the Ncurses text-based user interface library is now available and most notable is a new but experimental driver for supporting the Windows Terminal.

            Ncurses 6.3 ships with an experimental driver for handling the Windows Terminal for enjoying Ncurses TUIs under that terminal.

        • Licensing/Legal

          • SFC Files GPL Enforcement Suit Against Vizio Advancing Novel Legal Theories

            Software Freedom Conservancy filed a lawsuit in late October 2021 against Vizio, claiming violation of the GPL and LGPL with respect to its SmartCast TVs. The complaint is here. The complaint is styled first as a claim of breach of contract, and then a claim for declaratory relief.

            Lawsuits to enforce GPL are still quite rare, and among them, this one is radically different in its legal structure from those that have come before. In fact, it conflicts with much of the conventional wisdom about enforcement of licenses like GPL, even principles previously enunciated by the Software Freedom Law Center and the Free Software Foundation–who have had their disagreements with Software Freedom Conservancy in the past.

      • Programming/Development

        • Benjamin Mako Hill: The Hidden Costs of Requiring Accounts

          This question has been a source of disagreement among people who start or manage online communities for decades. Requiring accounts makes some sense since users contributing without accounts are a common source of vandalism, harassment, and low quality content. In theory, creating an account can deter these kinds of attacks while still making it pretty quick and easy for newcomers to join. Also, an account requirement seems unlikely to affect contributors who already have accounts and are typically the source of most valuable contributions. Creating accounts might even help community members build deeper relationships and commitments to the group in ways that lead them to stick around longer and contribute more.

        • Nibble Stew: Typesetting a whole book part III, the analog edition

          In earlier editions (part 1, part 2) we looked at typesetting a full book to a PDF file. This is fun and all, but until you actually hold a physical copy in your hands you don’t really know how good the end result is. Puddings, eatings and all that.

          So I decided to examine how would you go about printing and binding an entire book. For text I used P. G. Wodehouse’s The Inimitable Jeeves. It has roughly 220 pages which is a good amount for perfect binding. Typesetting it in LibreOffice only took a few hours. To make things even simpler I used only one font, the Palatino lookalike P052 that comes packaged with Ghostscript. As the Jeeves stories take place in the 1920s something like Century would have been more period accurate but we’ll have to work with what we got.

          The only printer I had access to was an A4 laser printer that could only print on one side of the page. Thus to keep things as simple as possible the page size became A5, which is easy to obtain by folding A4 paper in half. None of the printer dialogs seemed to do the imposition I needed (single page saddle fold, basically) so I had to convert the A5 originals to A4 printable sheets with a custom Python script (using PyPDF2)

        • GCC 12 Lands Support For -march=armv9-a – Phoronix

          After announcing ARMv9 earlier this year and the likes of the Cortex-X2, the open-source code compilers has been preparing for this evolutionary advancement over ARMv8.

          LLVM/Clang has been working on Armv9-A enablement and the GNU toolchain from Binutils to the GNU Compiler Collection have also been preparing their new code. As of today GCC 12 hit the stage of being able to target -march=armv9-a as of this commit. Using “-march=armv9-a” is used for targeting the ARMv9-A ISA and enabling the new instructions available. Tuning is currently based on the existing ARMv8 Cortex-A53. This is an important step for supporting the next-gen Arm architecture.

        • mrcal 2.0: triangulation and stereo

          mrcal is my big toolkit for geometric computer vision: making models (camera calibration) and using models (mapping, ranging, etc).

          Since the release of mrcal 1.0 back in February I’ve been busy using the tools in the field, fixing things and improving things. Today I’m happy to finally be able to announce the release of mrcal 2.0.

          A big part of this release is maintenance and cleanup that resulted from me heavily using the tools over the course of this past year, and improving whatever was bugging me. The most notable result of that effort, is that splined models are no longer “experimental”. They work well and they’re awesome. Go try them.

          And there’re a number of new features, most notably nice dense stereo support and nice sparse triangulation support (with uncertainty propagation!) These are awesome. Go try them.

        • Joachim Breitner: How to audit an Internet Computer canister

          I was recently called upon by Origyn to audit the source code of some of their Internet Computer canisters (“canisters” are services or smart contracts on the Internet Computer), which were written in the Motoko programming language. Both the application model of the Internet Computer as well as Motoko bring with them their own particular pitfalls and possible sources for bugs. So given that I was involved in the creation of both, they reached out to me.

          In the course of that audit work I collected a list of things to watch out for, and general advice around them. Origyn generously allowed me to share that list here, in the hope that it will be helpful to the wider community.

        • Ruby

          • Ruby 3.1.0 Preview 1 Released

            Ruby 3.1 merges YJIT, a new in-process JIT compiler developed by Shopify.

            Since Ruby 2.6 introduced MJIT in 2018, its performance greatly improved, and finally we achieved Ruby3x3 last year. But even though Optcarrot has shown impressive speedups, the JIT hasn’t benefited real world business applications.

            Recently Shopify contributed many Ruby improvements to speed up their Rails application. YJIT is an important contribution, and aims to improve the performance of Rails applications.

            Though MJIT is a method-based JIT compiler and uses an external C compiler, YJIT uses Basic Block Versioning and includes JIT compiler inside it. With Lazy Basic Block Versioning (LBBV) it first compiles the beginning of a method, and incrementally compiles the rest when the type of arguments and variables are dynamically determined. See YJIT: a basic block versioning JIT compiler for CRuby for a detailed introduction.

            With this technology, YJIT achieves both fast warmup time and performance improvements on most real-world software, up to 22% on railsbench, 39% on liquid-render.

            YJIT is still an experimental feature, and as such, it is disabled by default. If you want to use this, specify the –yjit command-line option to enable YJIT. It is also limited to macOS & Linux on x86-64 platforms for now.

          • Jakub Kadlčík: Rebuilding the entire RubyGems in Copr

            From the 166 699 Gems hosted on RubyGems.org, 98 816 of them were successfully built in Copr for Fedora Rawhide. That makes a 59.3% success rate. For the rest of them, it is important to distinguish in what build phase they failed. Out of 67 883 failures, 62 717 of them happened while converting their Gemfile into spec and only 5 166 when building the actual RPM packages. It means that if a Gem can be properly converted to a spec file, there is a 95% probability for it to be successfully built into RPM.

        • Python

          • How to package your Python code | Opensource.com

            You’ve spent weeks perfecting your code. You’ve tested it and sent it to some close developer friends for quality assurance. You’ve posted all the source code on your personal Git server, and you’ve received helpful bug reports from a few brave early adopters. And now you’re ready to make your Python code available to the world.

        • Shell/Bash/Zsh/Ksh

          • A quick cross-file comparison with AWK

            I really like AWK. It allows me to do simple, effective, ad hoc processing of data files, as this post will demonstrate. If AWK was a football club I’d be an ardent supporter: “Carn the mighty AWK!”

  • Leftovers

    • How to Prepare for Power Outages | WIRED

      I LIVE IN the Philadelphia area, and that puts me in the direct line of fire for two major water-type attacks. We get the remnants of hurricanes in the summertime and what’s known as nor’easters in the winter. (For those not from the Northeast, that’s a cyclone of cold frozen hatred that hovers up our coast.) Sure, they each bring their own brand of natural strife, but they also make us vulnerable to every geek’s nightmare: the dreaded power outage. And since my place fully runs on electricity (no gas or oil), I’ve had to develop a playbook for those dark times.

      Whether it’s feet of snow or downed power lines, we need our electricity. Having been a Cub Scout as a lad, I am thankfully well prepared, but I realize that there are probably many people out there that aren’t. This guide is for you to bookmark forever.

    • This $0 Filament Drybox Needs Nearly No Parts | Hackaday

      [Spacefan]’s solution uses a filament roll’s own packing materials and a single 3D-printed part to create a sealed environment for a single roll. The roll lives inside a plastic bag (potentially the same one it was sealed in) and filament exits through a small hole and 3D-printed fitting that also uses a bit of spare PTFE tubing. The box doubles as a convenient container for it all. It doesn’t have as much to offer as this other DIY drybox solution, but sure is simple.


      While we appreciate the idea, this design is sure to put a lot of friction on the spool itself. It will be a lot of extra work to pull filament off the spool, which needs to turn inside a bag, inside a box, and that extra work will be done by the 3D printer’s extruder, a part that should ideally be working as little as possible. The re-use of materials is a great idea, but it does look to us like the idea could use some improvement.

    • Development Of Magnetic Locking Idea Shows Great Progress | Hackaday

      No matter how its done, with whatever level of fakery, magnetic levitation just looks cool. We don’t know about you, but merely walking past the tackiest gadget shop, the displays of levitating and rotating objects always catches our eye. Superconductors aside, these devices are pretty much all operating in the same way; an object with a permanent rare-earth magnet is held in a stable position between a pair of electromagnets one above and one below, with some control electronics to adjust the field strength and close the loop.

      But, there may be another way, albeit a rather special case, where a magnet can not only be levitated, but locked in place using a rotating magnetic field. The video shows a demonstration of how the mass of a magnet can be used to phase lock it against a rotating field. In essence, the magnet will want to rotate to align with the rotating magnetic field, but its mass will mean there is a time delay for the force to act and rotation to occur, which will lag the rotating magnetic field, and if it is phased just so, the rotation will be cancelled and the magnet will be locked in a stable position. Essentially the inertia of the magnet can be leveraged to counteract magnet’s tendency to rapidly rotate to find a stable position in the field.

    • Science

      • NASA’s New Moon Missions Are Happening Really Soon | Hackaday

        NASA first landed a human on the moon back in 1969, and last achieved the feat in December 1972. In the intervening years, there have been few other missions to Earth’s primary natural satellite. A smattering of uncrewed craft have crashed into the surface, while a mere handful of missions have achieved a soft landing, with none successful from 1976 to 2013.

        However, NASA aims to resume missions to the lunar surface, albeit in an uncrewed capacity at this stage. And you won’t have to wait very long, either. The world’s premier space agency aims to once again fly to the Moon beginning in February 2022.

    • Hardware

      • Teardown: Analog Radionic Analyzer | Hackaday

        Have you ever looked up a recipe online, and before you got to the ingredients, you had to scroll through somebody’s meandering life story? You just want to know how many cans of tomato paste to buy, but instead you’re reading about cozy winter nights at grandma’s house? Well, that’s where you are right now, friend. Except instead of wanting to know what goes in a lasagna, you just want to see the inside of some weirdo alternative medicine gadget. I get it, and wouldn’t blame you for skipping ahead, but I would be remiss to start this month’s teardown without a bit of explanation as to how it came into my possession.

        So if you’ll indulge me for a moment, I’ll tell you a story about an exceptionally generous patron, and the incredible wealth of sham medical hokum that they have bestowed upon the Hackaday community…

      • European server sales sink to 4-year low: Cloud, software-defined and chip shortage blamed
      • Not Your Average Nixie Tube Clock | Hackaday

        When it comes to Nixie clocks, we all pretty much know what to expect: a bunch of Nixies with some RGB LEDs underneath, a wooden case of some sort, and maybe some brass gears or fittings for that authentic steampunk look. It’s not that we don’t appreciate these builds, but the convergent designs can be a little much sometimes. Thankfully, this 60-tube Nixie clock bears that mold, and in a big way.

        The key to [limpkin]’s design is the IN-9 Nixie, which is the long, skinny tube that used to show up as linear indicators; think bar graph displays on bench multimeters or the VU meters on mixing boards. [limpkin] realized that 60 on the tubes could be arranged radially to represent hours or minutes, and potentially so much more. The length of the segment that lights up in the IN-9 is controlled by the current through the tube, so [limpkin] designed a simple driver for each segment that takes a PWM signal as its input. The job of a 60-channel, 14-bit PWM controller fell to an FPGA. An ESP8266 — all the rage five years ago when he started the project — took care of timekeeping and control, as well as driving a more traditional clock display of four 7-segment LEDs in the center of the clock face.

      • Visualizing Audio With An LCD VU Meter | Hackaday

        We all love seeing data represented in pretty ways — whether it’s necessary or not. Take VU meters for example. They’re a super useful tool for audio editors to balance signals, but they also look really cool, even if you’re only listening to music. Who didn’t use a Winamp skin with a built-in VU meter back in the day? Even after the demise of everyone’s favorite media player, we still see these great graphs popping up all over the place.

        Most recently, we’ve seen VU meters circle back around to have a bit of a retro vibe in this awesome Arduino-controlled LCD VU meter built by [mircemk]. Based on the KTAudio VU Meter project, it features an ultra-wide LCD, audio input, and volume knob, all tidily wrapped up in a case whose color scheme that can only conjure images of the famed Altair 8800, or an old Tektronix oscilloscope. The LCD itself is fairly responsive — but you can judge for yourself in the video below. The signature fading that so commonly accompanies screen refreshes on LCDs such as this one really adds to the retro effect.

    • Integrity/Availability

      • Proprietary

        • Microsoft OneDrive will no longer be compatible with millions of Windows PCs

          Millions of Windows users could lose access to their online cloud storage within weeks as Microsoft looks to encourage upgrading to the latest software.

          The tech giant has warned that the OneDrive app will stop syncing with Windows 7, 8 and 8.1 on March 1, 2022, meaning users only have a few weeks to upgrade to a newer version or possibly lose access to their files.

        • Security

          • Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

            On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus.

          • Time based username enumeration | Pen Test Partners

            Back in the day, it used to be easy to enumerate email addresses from forgotten password forms. Differences in the response made it easy to check if accounts existed.

            After that, you could brute force the password if there weren’t lockouts in place, or if there were, you could lockout a lot of user accounts. Password stuffing from breach data has made compromise easier, though it’s still useful to enumerate accounts in more targeted attacks from time to time.

            I was reminded of blind SQL injection, where differences in response time can reveal whether an injected statement was successful or not. This got me thinking about using similar techniques to enumerate usernames

          • Google’s Pixel 6 fingerprint reader is rubbish because of ‘enhanced security algorithms’
          • Multiple BusyBox Security Bugs Threaten Embedded Linux Devices | Threatpost

            Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks.

            Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said.

            One of the flaws also could allow devices to leak info, according to researchers from JFrog Security and Claroty Research, in a report shared with Threatpost on Tuesday.

          • Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog | MarketScreener

            Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others. You’re likely to find many OT and IoT devices running BusyBox, including popular programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs)-many of which now run on Linux.

          • Security updates for Tuesday

            Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).

          • Privacy/Surveillance

            • Double win! Court rejects NSO’s attempts to silence victims and derail surveillance lawsuit

              On Monday, the United States Court of Appeals for the Ninth Circuit allowed WhatsApp’s lawsuit against Israeli spyware firm NSO Group to advance, and rejected NSO Group’s attempt to block briefs filed by civil society. In its ruling, a three-judge panel of an appeals court in San Francisco, California, affirmed a lower court’s decision to deny NSO Group’s motion to dismiss the lawsuit. Additionally, judges accepted the brief submitted by Access Now on behalf of eight civil society organizations, despite NSO Group’s objections claiming it introduced “disputed facts,” as well as another brief by three law professors.

              “We commend the Court for denying NSO Group’s attempts to silence its victims and derail WhatsApp’s lawsuit, which rightly puts the spyware peddler in the hot seat for enabling its government clients to violate human rights with impunity,” said Natalia Krapiva, Tech Legal Counsel at Access Now. “Now that the case proceeds into the discovery stage, it would be hard for NSO to hide its abuses behind the shroud of secrecy.”


              Front Line Defenders also recently announced it had uncovered the hacking (confirmed by the Citizen Lab and Amnesty International) of six Palestinian human rights defenders’ devices with NSO Group’s Pegasus spyware, as part of a broader assault on Palestinian civil society. Three of the targeted human rights defenders come from prominent Palestinian civil society groups that Israeli authorities have designated as “terrorist organizations,” leading Access Now and civil society to raise serious questions about whether Israeli authorities were involved in the Pegasus targeting.

    • Environment

      • COP26 and Climate Hypocrisy with Charlie Robinson

        In this episode, Whitney is joined by Charlie Robinson to talk about some of the key takeaways from the COP26 climate conference not being covered by the media and how many COP26 attendees engage in obvious hypocrisy when it comes to the policies they publicly promote and their personal actions.

    • Censorship/Free Speech

      • IFF questions Tripura Police’s notice to Twitter

        On November 3, 2021, in connection with a case registered under the stringent Unlawful Activities Prevention Act, 1967, the West Agartala Police issued a notice to Twitter Inc under Section 91 of the Code of Criminal Procedure. By way of the notice, the Police directed Twitter Inc. to block 68 Twitter pages/accounts and sought information related to them, including personal information such as browsing details and user registration details. We wrote to the Police pointing out that the notice dated November 3, 2021, is vague and that the Police is not empowered to direct blocking of pages/accounts on Twitter. We have sought immediate withdrawal of the notice.

    • Monopolies

« Previous Page« Previous entries « Previous Page · Next Page » Next entries »Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources




Samba logo

We support

End software patents


GNU project


EFF bloggers

Comcast is Blocktastic? SavetheInternet.com

Recent Posts