Storage is a big part of any application design strategy, but containers throw something of a monkey wrench into the traditional storage models. You’ve likely noticed that Red Hat has a few dogs in the storage race, most notably Red Hat Container Storage. We’re curious to see how much our readers care about this topic, and as such, we’ve whipped up yet another survey we’d be tickled pink if you could fill out for us. We’re not sending any emails, marketing materials or salespeople out in response to this survey, we just want to check the oil, as it were. So if you’ve got a little extra time, would you mind answering a few quick questions for us? As always, our goal is to better serve our readers, not to better sell to them. We’re trying to treat our blog like a magazine, and before we start covering new topics and adding how-to’s on storage, we’d like to see if those are topics that would interest you.
I'm announcing the release of the 5.2.12 kernel.
All users of the 5.2 kernel series must upgrade.
The updated 5.2.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
The Turbostat utility that lives within the Linux kernel source tree for reporting various power/frequency metrics on x86_64 processors saw some late updates merged last weekend for the upcoming Linux 5.3 kernel.
Since June Intel's open-source developers have begun volleying the initial open-source graphics driver code for Tigerlake "Gen12" hardware. To date the Gen12 changes haven't been too invasive even with this being the first generation with the "Xe Graphics" engine branding. But that's now changed with a new patch series showing major changes to the graphics instruction set.
Now that the Intel open-source developers have begun preparing the changes for their graphics compiler back-end for Xe/Gen12 initially with Tigerlake processors, the major architectural changes are beginning to show compared to Icelake "Gen11" graphics and older. The patches show that the Gen12 graphics ISA is one of the biggest reworks ever to the Intel EU ISA since the original i965 graphics a decade ago.
Intel's open-source Linux graphics driver crew has been on an exciting spree lately of not only punctually enabling new hardware support but also pushing some big performance improvements for new and existing generations of graphics hardware. Today another performance achievement was unlocked.
Kenneth Graunke who led the development of their new Gallium3D OpenGL driver discovered an optimization today that not only benefits that "iris" driver but also the i965 classic OpenGL driver and their ANV Vulkan driver. The optimization is to stop redirecting the state cache to the command stream command buffer cache section. By looking through their hardware documentation and comparing the behavior to the Intel Windows driver, this optimization was uncovered.
With Firefox 69 released and Firefox 70 entering beta, here are some fresh web browser benchmarks between Mozilla Firefox and Google Chrome from Ubuntu Linux. On the Firefox size, Firefox 68, 69, and 70 Beta were tested with and without WebRender being enabled and compared to Google's current Chrome 76 stable release.
From an Intel Core i9 7960X workstation with Radeon RX 550 graphics running Ubuntu 19.04, the official Linux x86_64 binaries of these different Chrome/Firefox releases were tested. The Firefox runs with WebRender were forced using the MOZ_WEBRENDER environment variable.
Oracle Virtualbox 6.0.12 was released a few days ago as new maintenance release for the 6.0 series. Here’s how to install it in Ubuntu 16.04, Ubuntu 18.04, and higher.
Messaging scheduling is among the new features added to the hugely popular Telegram messaging service.
Telegram 1.8.3 (v5.11 on mobile) introduces the ability to schedule messages.
This feature could prove particularly useful for Telegram group admins and channel owners (hi), as well as those who want to broadcast a missive at a specific time rather than having it posted (or read) straight away.
To schedule a message in Telegram desktop is easy enough: right click on the ‘Send’ button in the chat toolbar, select the ‘Schedule Message’ option, and pick a date and time. You get a notification when your scheduled message is successfully sent (and presumably no notification if it fails).
[...]
You can refer to our guide on how to install Telegram on Ubuntu, Linux Mint and related distro should you want to get the service up running on your system.
Though many sites have abandoned Adobe Flash in favour of HTML5 these days, there are still some legacy applications (e.g. older versions of VMWare’s vSphere web client) that depend on it. Recent versions of Firefox in Linux (68+) started failing to load Flash content for me, and it took some digging to find out why. First off, I noticed that the content wouldn’t load even on Adobe’s Flash test page. Second off, I found that the plugin wasn’t listed in Firefox’s about:plugins page.
Finished the main campaign adventure mode in Distance? Well there's now even more levels for you to try and beat in the latest big update to the fantastic and challenging racing platformer.
The free Horizon Update lands almost a year after it left Early Access. It adds in three new new Refract levels: Liminal, Serenity and Zenith all under Sprint. There's also 18 new Community levels that were officially added into the game across various modes, although most are Sprint. A bunch of UI improvements were made too, especially for the Online menu making it a bit more streamlined.
The dark narrative-focused RPG Vagrus - The Riven Realms has surpassed $40K in funding on Fig's Open Access program, so they've hit more development milestones and it seems GOG were impressed by it.
Looks like another good Humble Monthly has just arrived, as the early unlock game is the strategy title BATTLETECH which has Linux support.
Checking SteamDB, looks like this is the cheapest BATTLETECH has been so far too. In this case, it's even better value since you get a bunch of additional games unlocked next month. On top of that there's access to the Humble Trove, their curated selection of DRM free games and there's plenty in there that support Linux too.
Valve have uncapped the Proto-Pass, allowing players to level it up all the way now and earn even more rewards for playing the game. That, plus more smaller bits in the latest update.
Alchemist, Bloodseeker, Crystal Maiden, Sand King and Tusk now actually have some visual upgrades when you get them to a 2 and 3 star. There's some animation improvements, a framerate option on mobile, melee units will target barricades if there's no better target and Assassin targeting and Blink Daggers are now a bit more random between left and right when selecting the target.
If you enjoyed the highly rated tight platformer Celeste, we've got good news for you as a huge free update is due to arrive next week.
The developer has confirmed September 9th will see the Celeste Chapter 9: Farewell release, which will include 100+ new levels to bring Celeste up to a whopping total level count of over 800! Additionally there will also be 40 minutes of new music from Lena Raine along with several brand new mechanics and items.
Angelo and Deemon: One Hell of a Quest from the small Ukrainian team Specialbit Studio is now due to release on September 27th and it looks like it could be pretty amusing.
The developers said the game is as a result of a weird dream one of them had while running a high fever, where they got sent to hell. We've all had some pretty weird dreams right? Well Specialbit Studio decided to turn the dream into a game. In Angelo and Deemon you assume the role of Angelo, a blogger who got sent to hell and is now recording the journey.
Set in a divine Chinese realm, Fantastic Creatures is a 4x strategy game about a dying world full of mythological creatures and later this year it will release with Linux support.
Currently in development by Blue Callisto, a one-person studio run by "FMR" who has a passion for 4x and strategy games. They previously ran through a lot of Let's Play videos for strategy games on YouTube and now they're rolling their own with Fantastic Creatures.
Valve has announced some more updates to Steam Labs, their new testing area for features that may make it into Steam officially at some point.
Firstly, there's something entirely new. You can opt-in to the new Search experiment which will tweak the way you see and interact with lists across the entire Steam store, as opposed to being limited to the Labs area. It adds in: infinite scroll; price and sale filters; the ability to hide items on your wishlist or items you already own or you've ignored and multiple updates to the way tag filtering works.
The first minor release of the 19.08 series is out with usability fixes.
Latte Dock v0.9.2 has been released containing important fixes and improvements!
Since June of this year, I’m working for NLnet foundation. NLnet gives grants to people to improve the internet.
NLnet is growing because it is handling grants for European Next Generation Internet (NGI) programs. This means more funds for new search technologies and privacy enhancing technologies. Typical grants go towards the creation of materials (mostly software) that are made available under free licenses.
I’m honoured to have been asked for this position and will do my best for the success of the projects that we support.
During this year’s FOSDEM, I continued to practice live sketchnoting of the few sessions I attended (there are so many!!). I posted them on social media as I was working on them, but somehow I forgot to post them on my blog. B
The System76 team has returned from GUADEC and successfully recovered from crippling jetlag! (Mostly.) Based on many constructive conversations that took place over the course of the conference, we’re very excited about GNOME’s future and eager to see how the project progresses. Here’s what we learned:
Theming
Theming was a huge topic of discussion at GUADEC. Ultimately, GNOME members arrived at a compelling solution that we believe works for GNOME, application developers, and hardware vendors alike. The proposed solution involves transitioning Adwaita, GNOME’s default theme, into a theming engine, along with adding the necessary documentation. Using Adwaita as a theming engine would introduce new flexibilities to theming in GNOME, and would allow app developers more control over the appearance of their application on different themes. The addition of FreeDesktop.org’s dark style is being considered as well, which would also allow for better control over an application’s appearance across desktop environments.
Seems we’re settling at 3 snapshots per week. It seems to be pretty hard at the moment to get stagings fully built and tested (build are constrained by only few workers able to build e.g. Firefox, and since Leap started the dev cycle, the load on OBS and those few workers massively increased). So, 3 snapshots, or roughly one every other day, does not sound so bad overall. During this week, we released 0829, 0902 and 0904.
OSGeoLive is a unique Linux distro. It pulls together a large library of Linux tools and applications that support geospatial workloads. It is not designed to be a general usability Linux operating system, but if you add the software it's missing, you can happily use it for other computing tasks.
I was particularly intrigued by some of its standalone applications and Web app offerings. Browsing through this distro's feature tools was a fun-filled discovery experience.
Nothing needed to be set up or configured. One click led to another. With each new screen came interesting information that teased my inquisitive mind. The experience actually sparked an interest in the world of geospatial elements.
Condres team has announced the release of Condres OS 2019.09 on Sep 02, 2019.
It offers multiple flavours like KDE, GNOME, Cinnamon, MATE, and XFCE desktop.
The notable features in this release is, they have introduced support for snap and appimage applications.
Added multiple php version support for seamless website development.
Also, it supports php 7.1.x and 7.2.x versions, so it has greater compatibility with future versions.
In this video, I am going to show an overview of Netrunner 19.08 Indigo and some of the applications pre-installed.
Here’s your report of what has happened in Fedora Program Management this week. The Beta freeze is underway and the Go/No-Go meeting is Thursday!
I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.
rpminspect-0.5 is now available. The releases are noted on the github project page. I uploaded the tarball there. I have done builds in Fedora rawhide and the f31 branch. For other releases, you will need to use the Copr repos.
A rolling release receives periodic updates in a “rolling” fashion–they just keep rolling in. This is good, as you get the latest cutting edge changes to applications and system libraries. But unfortunately there is a side effect to rolling releases: they are bad for stability, because the changes they bring are often not yet widely used, or tested, in real world situations. This issue is inherent to any fast moving body of code, and PureOS is no different; we attempt to solve it by putting the user at the center of our design choices. With this in mind, we polled our forum and worked internally to devise a pragmatic solution that follows best practices, while continuing to provide options for users.
Our solution is straightforward; we’re making our PureOS release a stable release, and creating a new rolling release. In addition to this stable release, we’re adding two complementary suites–amber-security and amber-updates–which work together to bring a rock solid release. We will also build and release a rolling release just like the one our users are used to, meant for those who are willing to use, and test, the latest software from upstream. Both releases will receive security updates, of course, but the rolling release will lack real-world testing, by design.
Kali Linux team have pleased to announce the new version of Kali Linux 2019.3 on 02 Sep 2019.
This is the third release of the Kali Linux 2019.x series.
This release brings kernel version 5.2.9 and includes many new features with NetHunter, ARM, and packages.
Official Kali Linux LXD Container Image is Released starting from Kali Linux 2019.3.
As always, it brings regular bug fixes and updates.
LXD supports proxy devices, which is a way to proxy connections between the host and containers. This includes TCP, UDP and Unix socket connections, in any combination between each other, in any direction. For example, when someone connects to your host on port 80 (http), then this connection can be proxied to a container using a proxy device. In that way, you can isolate your Web server into a LXD container. By using a TCP proxy device, you do not need to use iptables instead.
There are 3€³=9 combinations for connections between TCP, UDP and Unix sockets, as follows. Yes, you can proxy, for example, a TCP connection to a Unix socket!
Few enterprises want all their computing devices to be fully exposed to the internet. In an environment of ever-growing security threats, isolating internal networks from the wider internet is not simply best practice, but borderline essential.
However, with all the benefits that restricted networks provide, it can pose challenges for enterprises who are looking to take advantage of certain technologies. One of these is the automatic update feature of snaps which enable a low-friction process and a fast release cadence. If an enterprise has a restricted network, then this will prevent snaps being able to automatically update due to the necessity for an external internet connection and potentially upsetting change management policies.
PINE64’s claim to fame was its open source-friendly Allwinner-based single board computers (SBC) that came at the height of the Raspberry Pi’s popularity. It has since then expanded to putting those boards and their experience inside more finished products, like the Pinebook ARM-based laptops. As the team’s Lukasz Erecinski narrates, the decision to add a smartphone to that list wasn’t an easy or quick one but it was the most logical next step (a tablet is in the works now as well).
But not even a year after that decision was made, the team has already started making making prototypes, enough to start pre-orders for them. Not everyone’s invited for now, though. Only experienced Linux developers that could contribute towards actually improving the PinePhone. That said, in October and November, they do plan on having a more open pre-order period, this time for tinkerers and app developers as well.
The design and composition of the boards are all but ready but aren’t set in stone. An Allwinner64 SoC will, of course, be at the heart of it all, with 2 GB of RAM and 16 GB of expandable storage. Those may sound almost laughable by today’s standards but the phone’s emphasis has always been on providing a private and secure open source Linux phone, not compete with Samsung and Apple. As such, it embraces a multitude of Linux on Phone projects and experiences and isn’t locked down to a single one.
Friendly Elec has launched a new mini PC this week in the form of the ZeroPi which offers a headless computer equipped with an Ethernet 10/100/1000M connection, USB Host: 2.0 Type A x1 and Serial Debug Port: 2.54mm pitch 4-pin-header.
Powered by a Quad-core Allwinner H3 4 x Cortex-A7 Up to 1.2GHz processor supported by 512MB DDR3 RAM the tiny mini PC can be powered by DC 5V/2A or MicroUSB depending on your needs. The ZeroPi is available with a variety of optional extras including heatsink, acrylic case, plug adapters and memory cards.
It is that time of the month again when we see what the best apps and games were on the Tizen Store for the previously month – now August 2019. Generally, we have seen that WhatsApp Messenger, Facebook and Facebook Messenger have stayed in the top three. Although, in last months table, Facebook Messenger had dropped a place, going from third to fourth place.
The open source RECAP platform is currently available under the GNU General Public License. The remote sensing components are also market-ready. Both can be hosted either on project partners' servers or on the client's own servers.
With the recent release of the OpenXR 1.0 specification, the presence of numerous Open Source platforms for Virtual Reality and Augmented Reality, and a growing community of developers, the need for a collaborative Open Source XR Conference became clear. With millions of VR headsets already on the market and preliminary support for platforms like Linux and BSD introduced, the only remaining pieces of the puzzle needing more work are better open drivers and adoption.
That being said, we're very excited to announce the 1st edition of the FOSS XR Conference, a new yearly gathering aimed at bringing the community together and giving a podium to the future of XR. Whether it's users, developers, engineers, businesses, hackers or hobbyists, anyone with an interest in Open Source XR can attend, share knowledge and code.
Taking place on 26 October in parallel with the Blender Conference (a long running conference in Amsterdam held by the Blender Foundation, at their trusty location The Balie), FOSS XR will have presentations throughout the day, a small dedicated hackerspace for meeting new people working on projects and more. Presentations will include everything from open source driver development, to the use of open source in XR applications, reverse engineering and showcases.
In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol, and since June 2018 we’ve been running experiments in Firefox to ensure the performance and user experience are great. We’ve also been surprised and excited by the more than 70,000 users who have already chosen on their own to explicitly enable DoH in Firefox Release edition. We are close to releasing DoH in the USA, and we have a few updates to share.
After many experiments, we’ve demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic. We feel confident that enabling DoH by default is the right next step. When DoH is enabled, users will be notified and given the opportunity to opt out.
This post includes results of our latest experiment, configuration recommendations for systems administrators and parental controls providers, and our plans for enabling DoH for some users in the USA.
This has been a while coming; thank you for your patience. I’m very happy to be able to share the final four candidates for Mozilla’s new community-facing synchronous messaging system.
[...]
We’ve been spoiled for choice here – there were a bunch of good-looking options that didn’t make it to the final four – but these are the choices that generally seem to meet our current institutional needs and organizational goals.
We haven’t stood up a test instance for Slack, on the theory that Mozilla already has a surprising number of volunteer-focused Slack instances running already – Common Voice, Devtools and A-Frame, for example, among many others – but we’re standing up official test instances of each of the other candidates shortly, and they’ll be available for open testing soon.
The trial period for these will last about a month. Once they’re spun up, we’ll be taking feedback in dedicated channels on each of those servers, as well as in #synchronicity on IRC.mozilla.org, and we’ll be creating a forum on Mozilla’s community Discourse instance as well. We’ll have the specifics for you at the same time as those servers will be opened up and, of course you can always email me.
Power users often implement macros in their documents, and LibreOffice’s volunteer contributors are typically power users, so it makes sense to ensure the tools they need are in excellent shape. We are excited to announce the creation of a dedicated team for macro improvements in the LibreOffice contributor community.
Abdullah Ramzan was born and brought up in the under-developed city of ââ¬â¹Layyahââ¬â¹, which is situated in Southern Punjab, Pakistan and surrounded by desert and the river ââ¬â¹Sindhââ¬â¹.
He graduated from college in his home town and started using a computer in ââ¬â¹2010ââ¬â¹ when he joined ââ¬â¹Government College University Faisalabadââ¬â¹. Abdullah’s introduction to WordPress happened while he was finishing the last semester of his degree. His final project was based in WordPress.
Ramzan’s late mother was the real hero in his life, helping him with his Kindergarten homework and seeing him off to school every day.
Before her heart surgery, Ramzan visited her in the hospital ICU, where she hugged him and said: ââ¬â¹“Don’t worry, everything will be good.” Sadly, his mother died during her surgery. However, her influence on Ramzan’s life continues.
GNU Wget2 is a from scratch rewrite of the popular wget downloading utility. GNU Wget2 wraps around the libwget library while now being multi-threaded and supporting other features to provide better performance over the current wget releases.
GNU Wget2 is providing for faster performance by being multi-threaded, properly supporting HTTP2 connections, handling HTTP compression features, dealing with parallel connections, taking into account the If-Modified-Since HTTP header, and other features.
Hi,
we, the maintainers, are happy to announce the release 1.99.2 of GNU Wget2.
GNU Wget2 is the successor of GNU Wget, a file and recursive website downloader.
Designed and written from scratch it wraps around libwget, that provides the basic functions needed by a web client.
Wget2 works multi-threaded and uses many features to allow fast operation.
In many cases Wget2 downloads much faster than Wget1.x due to HTTP2, HTTP compression, parallel connections and use of If-Modified-Since HTTP header.
GNU Wget2 is licensed under GPLv3+. Libwget is licensed under LGPLv3+.
Thanks to all authors that made this release possible (list auto-generated, sorted by # of commits). Also many thanks to all contributors and translators who are not listed in git meta data. ``` Tim Rühsen Darshit Shah Kumar Mallikarjuna DalmeGNU Ander Juaristi Josef Moellers Neil Locketz Rohan Fletcher Tsukasa OI Gisle Vanem Leif Ryge Leon Klingele Rafael Fontenelle Yuri Chornoivan sameeran joshi sebma ```
**Noteworthy changes since the last release:** ``` * Improve docs * Improve build system * More continuous integration testing * Add functionality tests * Add examples * Add HTTP/2 support for test suite (GSOC project) * Add OCSP responder for test suite (GSOC project) * Add new option --keep-extension * Add new option --retry-on-http-status * Add new option --dns-cache-preload * Add -X/--exclude-directories and -I/--include-directories * Add new option --save-content-on * Add new option --limit-rate * Add new option --unlink (Wget1.x compatibility) * Add new option --start-pos (Wget1.x compatibility) * Add new option --no-if-modified-since * Add new option --ocsp-server * Add new option --ocsp-nonce * Add new option --ocsp-date * Add bitmap type to libwget * Add support for Chromium's HSTS Preload List * Add zstd decompression (RFC8478) * Add WolfSSL as alternative TLS backend * Add OpenSSL as alternative TLS backend * Add arguments fail / nofail to --verify-sig * Add TLSv1_x to --secure-protocol * Add support for TCP FastOpen Linux 4.11+ style * Add basic HTML entity decoding (RFC1866) * Add TLS 1.3 post-handshake authentication * Add XDG Desktop Specification support for config files * Remove support for libidn2 < 0.14 and libunistring * Remove option --gnutls-options (use --secure-protocol instead) * Rename --dns-caching to --dns-cache (Wget1.x compatibility) * Skip -np/--no-parent for CSS URLs * Enable syncing with translationproject.org while bootstrapping * Fix HTTP/2 slowness issue * Fix xattr behavior (CVE-2018-20483) * Fixed a pile of bugs * Made many changes to the libwget API
I am pleased to announce that Qt 5.13.1 is released today. As a patch release, Qt 5.13.1 does not add any new functionality but provides many bug fixes and other improvements.
Compared to Qt 5.13.0, the new Qt 5.13.1 contains around 500 bug fixes. For details of the most important changes, please check the Change files of Qt 5.13.1.
Note that as a long-term supported release Qt 5.12 LTS receives all the applicable bug fixes as well. We are working on the next patch level release, Qt 5.12.5, to be available in the coming weeks. So unless you need the new functionality provided by Qt 5.13 it is fine to stay using Qt 5.12 LTS and get the relevant bug fixes.
We are happy to announce the release of Qt Creator 4.10.0!
You can "pin" files now. Pinned files stay open when bulk-closing files for example via File > Close All and File > Close All Files in Project. They also stay on top in the Open Documents pane and in the document dropdown in the editor toolbar. The pin functionality is available via the context menu on the document dropdown and the Open Documents pane.
Our client for the Language Server Protocol is now better integrated into Locator: It shows symbols from the current document '.', from the workspace ':', and classes 'c' and functions 'm'. If the server provides a tool tip for a code location, the client shows it in the editor. In the server settings you can specify that it should only be started when needed, and you can use variables for the server executable and arguments. We also moved the plugin out of experimental state, so it is enabled by default.
We fixed many issues with the reformatting feature of QML files, which could lead to invalid code.
This tutorial explains how to create a Python multiline string. It can be handy when you have a very long string. You shouldn’t keep such text in a single line. It kills the readability of your code.
In Python, you have different ways to specify a multiline string. You can have a string split across multiple lines by enclosing it in triple quotes. Alternatively, brackets can also be used to spread a string into different lines.
Moreover, backslash works as a line continuation character in Python. You can use it to join text on separate lines and create a multiline string. Finally, there is string join() function in Python which is used to produce a string containing newlines.
You've incorporated software testing into your coding practices and know from experience that it helps you get your stuff done faster with less headache.
Awesome.
Now your colleagues want in on that super power and want to learn testing.
How do you help them?
That's where Josh Peak is. He's helping his team add testing to their workflow to boost their productivity.
That's what we're talking about today on Test & Code.
Wing 7.1.1 avoids slowing and dropping of remote development connections, fixes showing Pandas DataFrame and Series values, makes OS Commands work on remote hosts with Python 3, inspects remote extension modules with non-ascii characters in the interface, adds __init__ arguments to the auto-completer, allows ignoring exceptions in frozen importlib files, fixes line numbers shown in pytest exception tracebacks, and fixes other minor usability issues.
Chinese giant Wanhua Chemical officially withdrew its plans to build a $1.25 billion plastics manufacturing complex in St. James, Louisiana, in the heart of the already industrialized Cancer Alley. The news bought relief to opponents of the plant.
“I’m glad they won’t be coming,” Eve Butler, a lifelong resident of St. James Parish, told me in a call. “I live straight across the river from where the plant was going to be built.” Butler was part of a group of residents, local community groups, and environmental advocacy nonprofits that took part in a concentrated battle to stop the Wanhua plant from being built.
Security updates have been issued by Debian (exim4 and firefox-esr), Fedora (lxc, lxcfs, pdfresurrect, python3-lxc, rdesktop, and seamonkey), Oracle (kernel), and SUSE (nginx, python-Werkzeug, SUSE Manager Client Tools, and util-linux and shadow).
In these monthly reports we outline the most important things that have happened in the world of Reproducible Builds and we have been up to.
As a quick recap of our project, whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed to end users or systems as precompiled binaries. The motivation behind the reproducible builds effort is to ensure zero changes have been introduced during these compilation processes. This is achieved by promising identical results are always generated from a given source thus allowing multiple third-parties to come to a consensus on whether a build was changed or even compromised.
Anybody running the Exim mail system will want to apply the updates that are being released today; there is a remote code-execution vulnerability in its TLS-handling code with a known proof-of-concept exploit.
If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.
In popular software for mail servers, Exim discovered a critical vulnerability (CVE-2019-15846), which allows to remotely execute code and gain system access with root privileges. The fix for the security issue, and its detailed description will be published on Friday, September 6. To prevent attacks using CVE-2019-15846 recommended to update Exim to version 4.92.2 or later.
The widely used Exim email server software is due to be patched today to close a critical security flaw that can be exploited to potentially gain root-level access to the machine.
The programming blunder can be abused over the network, or internet if the server is public facing, or by logged-in users to completely commandeer vulnerable installations, steal or tamper with data, install spyware, and so on.
The vulnerability, designated CVE-2019-15846, has been kept under tight wraps. Details of the bug, along with updates to install to address the security weakness, are due to go live today at 1000 UTC. To be safe from the remote-code execution flaw, ensure you are running version 4.92.2 or later, either built from source or obtained from your operating system's package manager.
One reason people switch to Linux is to have better security. Once you switch to Linux, the thinking goes, you no longer have to worry about viruses and other types of malware. But while this is largely true in practice, desktop Linux isn’t actually all that secure.
WireGuard 0.0.20190905 was released on Thursday by lead developer Jason Donenfeld.
WireGuard 0.0.20190905 is the newest snapshot for this secure VPN tunnel that has been making waves in recent years. While WireGuard has been brought to many operating systems and mobile platforms, WireGuard itself is still considered "experimental but fairly stable."
Hello,
A new snapshot, `0.0.20190905`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point in time, experimental, and does not constitute a real release that would be considered secure and bug-free. WireGuard is generally thought to be fairly stable, and most likely will not crash your computer (though it may). However, as this is a pre-release snapshot, it comes with no guarantees, and its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a few relevant changes.
On September 3, journalists in the Sverdlovsk region reported that local officials have prevented a shooting spree in the town of Kushva. According to the Nizhny-Tagil-based publication Mezhdu Strok (Between the Lines), two 16-year-olds planned to kill their classmates at the local âââ1 high school and the Baranchinsky Electromechanical Technical Institute (located near Kushva). Since June 2019, the two teenagers reportedly obsessed online over the 1999 Columbine High School massacre in the U.S., and searched for firearms and explosives.
The resolution's author says that "nobody has done more to fan the flames of gun violence than the NRA."
He is one of the legends of rock famous for his progressive battles. At seventy-six, the Pink Floyd co-founder, Roger Waters, has not given up at all and does not hesitate to call his country, Great Britain, "disgusting" for its treatment of Julian Assange. Last Monday, Waters sang his great classic, "Wish You Were Here" in front of the UK Home Office in London in support of Assange, while the Australian journalist, John Pilger, explained the serious risk the WikiLeaks founder runs of being extradited to the US, and Assange's brother, Gabriel, described an emotional meeting with Julian Assange. Roger Waters is currently in Venice to present his film "US + Them". Repubblica interviewed him.
Gabriel Shipton, brother of jailed WikiLeaks co-founder, told a rally in London that the British prison system is “working its hardest at crushing any hope” Julian Assange has left.
Speaking at a rally outside the British Home Office in Westminster on Monday, Shipton described an emotional visit to his weakened and emaciated brother, currently serving a 50-week sentence at Belmarsh prison, ostensibly for skipping bail in 2012.
It was a slippery, evasive response—if technically accurate—from Biden, who struggled to articulate a clear vision for climate action throughout his portion of the town hall. Speaking about the need for the next US president to spur other countries to act, Biden repeated a right-wing talking point about the United States’ being responsible for “only 15 percent of the problem,” a point that omits the responsibility this country bears as the world’s biggest carbon polluter historically, as well as the US role in driving technological innovation that can be adopted elsewhere. On fracking, Biden said that rather than trying to ban the practice nationally (something that Bernie Sanders, Elizabeth Warren, and a few other candidates have called for, though a president can’t do that unilaterally on private land), he favored no new wells on public lands. He claimed that the Obama administration didn’t do more on climate because the urgency of the climate crisis wasn’t well understood until recently, when in fact scientists and advocates have been sounding the alarm for decades. “Everything is incremental,” Biden said at one point, dodging a question about fossil fuel exports.
First off, the Daily Mail and The Sun reported that the U.S.-born former TV actress has gone back to her Hollywood roots for help with improving their public persona. She has hired Sunshine Sachs, which the outlets described as “a top PR crisis firm” for A-list celebrities, to help with the task.
However, a representative for the firm said in an email to this news organization that the firm wasn’t working specifically with Meghan but with the Sussex Royal Foundation to help launch the Travalyst initiative, a global effort that seeks to encourage more responsible tourism.
[...]
The firm also faced controversy when its owner admitted to hiring people to edit the Wikipedia pages of clients to remove negative comments, which is prohibited by the site’s terms, The Sun reported.
Joe Balash, an assistant secretary at the department who oversaw the Bureau of Land Management, left his job last week. On Wednesday he announced his new position as senior vice president for external affairs with Oil Search, a Papua New Guinea-based company that first expanded into Alaska in 2017.
French wines tell a remarkable story: climate scientists and historians, with a new wine list to savour, have carefully reconstructed the harvest dates for Burgundy – one of the most important wine regions of France – to highlight the dramatic change in global climate.
Grapes in Burgundy are now picked 13 days earlier than the average for the last 664 years. And the advance in harvest dates has been dramatic: almost all since 1988.
The finding is based on painstaking study of data going back to 1354. From medieval times Burgundian growers and civic authorities had an unusual communal arrangement: they each year collectively considered the growing conditions and imposed a date before which no grapes might be picked.
And scientists from France, Germany and Switzerland report in the journal Climate of the Past that they worked through all surviving records to provide an accurate record of the harvest date around the city of Beaune.
The climate emergency is the single biggest challenge to our food, water and people on this planet.
You probably know you can’t believe everything you see on the Internet. But you may still be surprised to find how easily fake science makes its way through YouTube and other social media sites — and how intentionally it’s being promoted.
A new study from a researcher at Aachen University in Germany about the prevalence of inaccurate climate science and conspiracy theories on YouTube illustrates the grim reality, but also a way to fix it.
The study used 10 different search terms on YouTube, such as “climate change,” “climate science,” “geoengineering” and “climate hacking,” and analyzed the results to see which videos supported the scientific consensus around climate change and which did not.
It also used an internet tool called Tor, which anonymizes users, in order to avoid YouTube’s practice of personalizing search results based on previously watched videos, location and other demographics.
Overall, most videos in the 200-video sample disagreed with the scientific consensus around climate change, and of those, 85 percent actively spread conspiracy theories. Videos that agreed with scientific consensus received more total views than those that disagreed, but by only 2,300 views — and both categories had almost 17 million views each.
Hurricane Dorian raked the coastal Carolinas with howling, window-rattling winds and sideways rain Thursday, spinning off tornadoes and knocking out power to more than 200,000 homes and businesses as it pushed northward toward the dangerously exposed Outer Banks.
Progressive activists often see a frustrating pattern. Many Democrats in office are good at liberal platitudes but don’t really fight for what we need. Even when constituents organize to lobby or protest, they have little leverage compared to big campaign donors, party leaders and corporate media spin. Activist efforts routinely fall short because—while propelled by facts and
"If Biden is serious about taking on the power of the fossil fuel lobby, why is he going to a fundraiser hosted by the co-founder of a natural gas company?"
The presidential candidate made the comments on Wednesday at a climate town hall on CNN after he was asked by an attendee about rising populations and how the planet "can not sustain this growth."
The questioner, identified by CNN as a teacher named Martha Readyoff, said that she realized linking population control to climate was a topic "poisonous for politicians, but it's crucial to face."
Ultimately, the issue facing the high-income world—and increasingly China as well—is how we regard humanity itself. British author Austin Williams describes this question as a conflict between whether humanity represents “the biggest problem on the planet” or the “creators of a better future.”
But when moderators and audience members asked the Democratic hopefuls whether they’d relocate people away from coastal areas prone to flooding, the candidates called it virtually everything other than retreat. [...]
Labor Day has come and gone. To most people it’s a day off and a splash of sales. The symbolism and meaning that inspired this national holiday back in 1894 has long since dissipated. Labor Day parades are affairs of the past, with very few exceptions, and those that still exist are facing dwindling participation – in the era of Donald the corporatist, no less.
Charter schools, once the darling of politicians on the right and left, have become a hot potato in the Democratic Party 2020 presidential primary...
According to expats living in 187 countries, the U.S. is among the least safe and affordable countries in the world
The Trump administration is moving forward with a proposal to revoke part of California’s authority to set its own automobile gas mileage standards, a government official said Thursday, confronting a state that has repeatedly challenged the administration’s environmental rollbacks.
Sen. Elizabeth Warren’s campaign has said she has drawn crowds of up to 15,000. Meanwhile, former Vice President Joe Biden has not exactly been packing them in, even as he continues to lead by a healthy margin in most polls of the Democratic presidential primary. So could Warren’s big crowds be picking up on something that the polls are missing?
The short answer is: No. While the ability to generate big crowds is certainly nice — it may signal enthusiasm among highly engaged voters or produce favorable media coverage — you should ignore any candidate, surrogate or media outlet that tells you that large crowd sizes mean that the polls are underestimating a candidate’s support. It’s just spin; polls are much more accurate at forecasting elections than crowd-size estimates, which don’t tell us all that much.
8chan owner Jim Watkins provided evidence to congressional staffers on Thursday to comply with a subpoena the House Homeland Security Committee issued him after a series of racist manifestos from mass shooters were posted on the site. His site has remained down since shortly after the shooting — but new statements made to The Verge suggest it may be coming back sooner than many expected.
According to Watkins’s lawyer, Benjamin Barr, 8chan’s owners hope to have the site back online in the next week or so. In his prepared remarks for the committee, Watkins said that 8chan is currently “offline voluntarily” and that it may come back online soon, once the site “is able to develop additional tools to counter illegal content under United States law.”
“This isn’t written in stone, but somewhere around a week, they hope to be back,” Barr said.
The social media platform is teaming up with Microsoft and a handful of research institutions to launch the Deepfake Detection Challenge, with the goal of “detecting and preventing media manipulated via AI from being used to mislead others.”
"We need to ban this technology outright, treat it like biological or nuclear weapons, and prevent it from proliferating before it's too late."
When Aftenposten, one of Norway’s largest newspapers, reported on the incident and shared its article along with the Napalm Girl photograph on its Facebook page, the content was removed. Even the Norwegian prime minister’s post was taken down when she chimed in.
Egeland, meanwhile, grew more frustrated and appealed Facebook’s decision. But reaching out to the company was getting him nowhere.
ON THE NIGHT of August 30th, soon after ZAO—an app whose name means “to make”—was launched, it proved so wildly popular that its servers crashed repeatedly. Almost as rapidly, a sudden backlash from its many fans nearly unmade it. Technology-news outlets and meticulous netizens who had combed through the terms of its user agreement found that by signing up, users had granted ZAO “completely free”, “irrevocable” and “perpetual” rights to all content they uploaded to its platform.
Furious comments flooded Apple’s app store in China, where ZAO is now rated a measly two stars out of five. (This did not stop it from becoming China’s most-downloaded free app in the store.) WeChat, a dominant Chinese app—always eager to stick it to a potential rival—blocked ZAO links from being shared on its messaging service citing “security risks”. ZAO swiftly removed the offending clause. On September 3rd it apologised to users and pledged to protect their personal data “in every possible way”.
The main platform for voice-based systems is the so-called “smart” speaker, for example, Amazon’s Echo, or Google’s Home. It might seem an exaggeration to call these devices a platform, since their sales are still relatively low, and their capabilities are quite limited. But that’s only because the West is not in the vanguard here: China is leading the way. Smart speakers are taking off rapidly there, for a number of reasons. For example, they sidestep the issue of how best to input Chinese characters – certainly possible, but less convenient than inputting Western letters. They are also good first devices for older users who may not have computers or the keyboard skills to use them – a huge potential market in China. Another crucial factor is that privacy issues arising from products that eavesdrop on everything we say in our homes are less to the fore in a country where the government has built the world’s most complete surveillance society.
As an article in the South China Morning Post explains, the main high-tech companies in China – Alibaba, Baidu and Tencent – are pouring money into this sector, which they see as the next big battlefield in the digital world. So great is the desire to build market share quickly, that some devices are being sold for as little as $15 each. Companies are willing to offer models at these knock-down prices because what they want for tomorrow is more important than a few dollars more today. High-volume sales of smart speakers will give them huge quantities of voice data for training and improving their back-end AI systems, and a major share of the new platform that is already making money in China: [...]
The owner of the anonymous messaging board tied to a string of mass shootings this year testified on Capitol Hill on Thursday, offering an adamant defense of his website to House staffers behind closed doors.
Government officials, members of President Putin’s administration, and major media companies are discussing the creation of a single state system that would track online content views and advertisement impressions, sources tell the newspaper Vedomosti. The new entity would reportedly compare to existing systems that measure television audiences and tickets sold at movie theaters.
Your first reaction to the concurrence of three online films about the racist abuses of the American criminal justice system might be to attribute this to pure happenstance. However, given the objective reality of the increasing legal, moral and political rot of the police, the courts and the prison system, it was inevitable that filmmakers of conscience would feel impelled to respond to the crisis. In other words, we should not speak of happenstance but ineluctability.
"By compelling arraignment in every case, the judge punished the exercise of individuals' First Amendment right to protest."
On September 2, journalist Yuri Dud released a three-hour video on YouTube dedicated to the 15th anniversary of the Beslan school siege, featuring interviews with eyewitnesses who survived the hostage crisis and “continue to live a normal life, no matter how hard they were hit by the terrorist attack.”
The company “Fly Auto,” which rents and leases cars, has filed a 1-billion-ruble ($15.2-million) lawsuit against Alexey Navalny’s Anti-Corruption Foundation, naming the independent television station Dozhd as a third party in the case. The lawsuit was filed with the Moscow Arbitration Court on September 5, and the court’s website currently specifies only the damages in the claim, not the nature of the complaint.
Several workers recently filed equal employment opportunity complaints against Verizon, accusing their employer of racial discrimination and ignoring or retaliating against them for making allegations.
Latasha French has worked at a call center in Verizon’ corporate office in Irving, Texas for over 17 years. She recently filed an Equal Employment Opportunity Commission (EEOC) complaint with the support of her colleague, Jennifer Womack. She claimed rampant racial discrimination has occurred within their department at Verizon, which is the largest wireless provider in the United States.
The withdrawal of the bill is the first and only government concession to the five key demands of the protesters. The others are an independent inquiry into alleged police brutality, amnesty for arrested protesters, the right of Hong Kong citizens to elect their own political leaders and a government edict against describing the protests as “riots.”
The protesters also want an independent inquiry into police brutality. Jarring images of Hong Kong police beating and pepper spraying terrified people in a subway, believed, but not confirmed to be protesters, have galvanized those calls.
Cambridge Police Department spokesman Jeremy Warnick told The Hill that the 12 individuals were arrested on trespassing charges after officers attempted to escort them out of the Amazon building peacefully.
The group of demonstrators, organized by "Never Again Action: Jews Against ICE," began protesting in Boston, causing traffic issues throughout the city. The group similarly protested in July Boston Magazine reported, disrupting traffic in a demonstration against immigrant detentions and conditions at federal detention facilities.
By now we've well established that the FCC ignored the public, ignored the experts, and ignored all objective data when it killed net neutrality rules at the behest of telecom monopolies.
Basecamp CEO and co-founder Jason Fried sounded off against the practice Tuesday, calling it a "shakedown" and saying it's like ransom to have to pay up just to be seen in results.
"When Google puts 4 paid ads ahead of the first organic result for your own brand name, you're forced to pay up if you want to be found," he tweeted Tuesday afternoon. "It's a shakedown. It's ransom. But at least we can have fun with it. Search for Basecamp and you may see this attached ad."
On Wednesday, the Federal Trade Commission fined YouTube $170 million for collecting data and targeting ads to children, an alleged violation of the Children’s Online Privacy Protection Act (COPPA). The fine is relatively small — roughly 1 percent of the service’s annual revenue — but it comes with strict conditions that could spell disaster for the thousands of creators who are making content for children. As part of the settlement, YouTube must stop collecting data on videos that are targeted toward children (defined by the FTC as anyone under the age of 12). YouTubers who create videos for children, like unboxing toys or nursery rhymes, must also clearly label their content as being intended for kids.
For anyone making those videos, the changes will be significant. Features like comments and notifications won’t be available on videos “that have an emphasis on kids characters, themes, toys, or games,” YouTube CEO Susan Wojcicki said in a blog post responding to the settlement. It’s also likely that these videos will not be able to run targeted ads, which could affect monetization.
France's Ministry of Culture and Communication says that the country's anti-piracy agency, Hadopi, will likely merge with the Higher Audiovisual Council, an institution with the role of regulating electronic media. The plan is to create a more powerful authority capable of regulating both audiovisual and digital communications.