Bonum Certa Men Certa

Links 26/3/2020: Plasma Bigscreen, New Kubernetes, Fedora's New Identity and Bodhi Linux 5.1.0



  • GNU/Linux

    • Tips To Fight Coronavirus, If It Was A File In Linux World

      The novel Coronavirus (Covid-19) has been spreading over most countries in the world and forcing people to remain inside. But a Linux user is not a real Linux user if he/she doesn’t use the situation to learn new things about the Linux command line while being quarantined in home.

      Today, we are taking you in a little funny post on small tips & commands that you can use to fight Covid-19, had it been a file in the Linux world on your machine.

    • Intel

      • Fanless Whiskey Lake mini-PCs include a model based on Intel NUC Elements

        Bleujour has launched a $836 and up “Kubb Passive” NUC system and is prepping an even smaller NUC Elements based Meta U mini-PC, both of which run Linux Mint on Intel’s Whiskey Lake.

        If you’re spending more time than usual on your computer in these days of quarantine, you may ask yourself: Why does my computer have to be so ugly? French embedded vendor Bleujour, which is known for its cutting-edge enclosure designs, would answer “C’est absurde!” In other words, your computer need not be ugly so long as you’re willing to pay a bit more for style.

      • Intel IWD 1.6 Wireless Daemon Released With MAC Randomization, Per-Network MAC Addresses

        Intel open-source developers have released IWD v1.6 as their open-source, embedded-friendly wireless daemon for Linux systems as an alternative to WPA_Supplicant.

        IWD 1.6 comes with some practical additions for privacy-minded users. IWD 1.6 now allows full MAC address randomization each time it (re)connects to a network as well as a per-network MAC address override option too.

      • Intel Working On OpenGL 4.x Support For Their OpenSWR Software Rasterizer In Mesa

        Intel is working to enable OpenGL 4.x functionality for their OpenSWR software rasterizer within Mesa.

        Intel has begun publishing their slide decks and other information they were preparing for the GDC game developer conference before it was cancelled. This included an update on the oneAPI rendering toolkit. Much of the information is a repeat for anyone familiar with the likes of OpenVKL, Embree, and OSPray. The presentation can be found on devmesh.intel.com for those interested.

    • Desktop/Laptop

      • System76 launches Lemur Pro, its lightest Linux laptop
        System76 has been manufacturing Linux-based PCs for over a decade, and the company continues to pump out new systems for those who prefer the "alternative" operating system to Windows hegemony. With its new Lemur Pro laptop, the company adds to its already formidable lineup of notebooks, desktops, and servers. At just 2.2 pounds (and a mere 0.61 inches thick), the Lemur Pro is System76's lightest laptop to date. Between the slim form factor and the latest Intel processors -- not to mention the 73 Whr battery -- the Lemur Pro promises great battery life, though the company is only providing claims in a cheeky fashion (10 hours to watch the Lord of the Rings trilogy, 16 hours for reading Wikipedia, 21 hours for coding with VIM).

      • Lemur Pro: System76’s Next Lightest Linux Laptop Starting At $1,099

        The last six months are filled with a lot of headlines by the announcements of new Linux-based laptops. Various new players have emerged to lure the new audiences with pre-installed Linux distros in their high powered laptops.

        Along the similar lines, System76 has again come up with its new lightest laptop, Lemur Pro. Though they are an old player building Linux based desktop, server, or laptop, they’re now including their own services more. Hence, the latest Lemur Pro targets to bring high battery power and lightweight with either their own pre-loaded Ubuntu-based Pop!_OS or Ubuntu.

      • Asus Vivobook - Long in the tooth, going strong

        For a brief while, I did ponder reinstalling the system from scratch, but then decided against it. The problems I encountered were small (if annoying), and I was able to resolve them quickly. The system works well, it's fast enough. Not bad for a 2013 laptop that was made to be frugal to begin with. Now ideally, there should be no niggles and no upgrade ghosts, but there you have it. As far as the road test goes, I had everything I needed in strange and foreign places, and the Vivobook + Plasma did their job dutifully.

        I will probably follow up with one or two more articles of this nature in the future. I'm not sure how extensively I'm going to be using the Ultrabook, but then, its age will be an interesting factor to reckon with. My older laptops are handling the brunt of passing years fairly well, but they were also in a higher cost category when new. With this machine in the mid-price range, I don't really know how things are going to evolve. That's about it for now. The end.

      • There is No “Linux” Platform (Part 2)

        The problems outlined in Part 1 are of course not new, and people have been working on solutions to them for a long time. Some of these solutions have really started to come together over the last few years, empowering the people making the software to distribute it directly to the people using it.

        Thanks to the work of many amazing people in our community you can now develop an app in GNOME Builder, submit it to Flathub, get it reviewed, and have it available for people to install right away. Once it’s on there you can also update it on a schedule you control. No more waiting 6 months for the next distribution release!

      • Need Viber on your Chromebook? For now, Linux is probably the answer

        Over the weekend, I received a message from a reader who was desperately trying to get Viber working on his Chromebook. What is Viber you ask? Yeah, I wasn’t exactly familiar with it either but over 1 billion people around the globe depend on Rakuten’s messaging platform for chat, calls and even video conferencing. The app itself looks really inviting and it appears to offer similar features to WhatsApp and many other chat apps.

    • Server

      • 7 remote work discipline tips for the sysadmin

        Using protocols such as Secure Shell (SSH) and Remote Desktop Protocol (RDP) have allowed me to work from home for the better part of the past twenty years. It's not the tools, the work itself, or the distance from your target hosts; it's the discipline required when working from an alternative location that you need to conquer. And, if you're a system administrator with a few years on your resume, then you know that managing us is akin to herding cats. In other words, discipline is not really our "thing."

        When I first began working from home in 2001, the concept wasn't new to me. I had set up remote work environments for many of my business clients starting in 1996. At that time, users had computers equipped with modems that dialed into a server also equipped with modems. Once connected, remote users could perform their jobs exactly as they did when they sat at their office desks.

    • Audiocasts/Shows

      • 2020-03-25 | Linux Headlines

        LLVM 10 arrives with improvements for RISC-V and WebAssembly, the latest version of Swift improves package management and focuses on developer productivity, Cloudflare makes some impressive performance upgrades to Linux disk encryption performance, and Plasma Bigscreen aims to provide a voice-controlled smart TV interface powered by KDE and Mycroft.

      • FLOSS Weekly 571: Agones

        Agones is an open-source, multiplayer dedicated game server scaling and orchestration platform, that can run anywhere Kubernetes can run. You can orchestrate game servers, integrate any engine, and monitor a servers' metrics.

      • mintCast 331 – The Art of Tracking



        First up, in our Wanderings, Leo upgrades TLP, Tony Hughes tinkers with LMDE, Manjaro fights with Moss, Josh gets cancelled, and Joe works from home.

        Then, in the news, NPM gets acquired, OBS adds a number, Purism and Pinebook have new releases, Basilisk takes us back in time, and Gnome gets new features.

        In security, Edge is coming, and it’s worse than we thought.

      • The Linux Link Tech Show Episode 850

        raspberry pi 4 woes, drones, allan, documentation is the key to success!

    • Kernel Space

      • Linux 5.5.13
        I'm announcing the release of the 5.5.13 kernel.

        All users of the 5.5 kernel series must upgrade.

        The updated 5.5.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.5.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

      • Linux 5.5.12
      • Linux 5.4.28
      • Linux 4.19.113
      • Speeding up Linux disk encryption

        Data encryption at rest is a must-have for any modern Internet company. Many companies, however, don't encrypt their disks, because they fear the potential performance penalty caused by encryption overhead.

        Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

      • Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput
      • Speeding up Linux disk encryption (Cloudflare)

        The Cloudflare blog has an article on the company's work to improve the performance of Linux disk encryption.

      • Dentry negativity

        Back in 2017, Waiman Long posted a patch set placing limits on the number of "negative dentries" stored by the kernel. The better part of three years later, that work continues with, seemingly, no better prospects for getting into the mainline. It would be understandable, though, if many people out there don't really know what negative dentries are or why kernel developers care about them. That, at least, can be fixed, even if the underlying problem seems to be more difficult. A "dentry" in the Linux kernel is the in-memory representation of a directory entry; it is a way of remembering the resolution of a given file or directory name without having to search through the filesystem to find it. The dentry cache speeds lookups considerably; keeping dentries for frequently accessed names like /tmp, /dev/null, or /usr/bin/tetris saves a lot of filesystem I/O.

        A negative dentry is a little different, though: it is a memory of a filesystem lookup that failed. If a user types "more cowbell" and no file named cowbell exists, the kernel will create a negative dentry recording that fact. Should our hypothetical user, being a stubborn type, repeat that command, the kernel will encounter the negative dentry and reward said user — who is unlikely to be grateful, users are like that — with an even quicker "no such file or directory" error.

      • Filesystem-oriented flags: sad, messy and not going away

        Over the last decade, the addition of a "flags" argument to all new system calls, even if no flags are actually needed at the outset, has been widely adopted as a best practice. The result has certainly been greater API extensibility, but we have also seen a proliferation of various types of flags for related system calls. For calls related to files and filesystems, in particular, the available flags have reached a point where some calls will need as many as three arguments for them rather than just one. One set of filesystem-oriented flags will be familiar to almost anybody who has worked with the Unix system-call API: the O_ flags supported by calls like open(). These flags affect how the call operates in a number of ways; O_CREAT will cause the named file to be opened if it does not already exist, O_NOFOLLOW causes the open to fail if the final component in the name is a symbolic link, O_NONBLOCK requests non-blocking operation, and so on. Some of those flags affect the lookup process (O_NOFOLLOW, for example) while others, like O_NONBLOCK, affect how the file descriptor created by the call will behave. All are part of one flag namespace that is recognized by all of the open() family of system calls.

        open() is one way to create a new entry in a directory; link() is another. When the time came to add flags to link(), the linkat() system call was born; this system call also follows the other relatively new pattern of accepting a file descriptor for the directory in which the operation is to be performed. linkat() has a separate flag namespace (the "AT_ flags") with flags like AT_SYMLINK_FOLLOW, which is the opposite of O_NOFOLLOW. There is also an AT_SYMLINK_NOFOLLOW that is not recognized by linkat(), but which is understood by calls like fchmodat() and execveat(). There are more AT_ flags, such as AT_NO_AUTOMOUNT, supported by the relatively new statx() system call.

      • There Is Finally Work To Allow Sysctl Parameters To Be Set From The Linux Kernel Command

        File this under the "I can't believe it took this long" or "why wasn't this done before" section... Thanks to SUSE, there are finally patches pending to allow easily setting sysctl parameters from the kernel command line using a generic infrastructure.

        Rather than setting parameters via the likes /etc/sysctl.d or manually/scripted with the sysctl command or programmed via the initramfs sysctl.conf, SUSE's Vlastimil Babka sent out a set of patches allowing sysctl parameters to be set via the kernel command-line when booting the system. He sent out the original patches last week and today followed up with the revised patches.

      • Google Engineer Posts Latest Patches For MAC + Audit Policy Using eBPF

        One of the interesting innovations for the eBPF in-kernel virtual machine in recent times is the work by Google on supporting MAC and audit policy handling by it. This stems from currently custom real-time security data collection and analysis of Google servers internally for real-time threat protection and this patch-set is part of their work on allowing similar functionality in the upstream Linux kernel.

      • Graphics Stack

    • Benchmarks

      • OpenJDK 8/11 vs. GraalVM 20 vs. Amazon Corretto JVM Benchmarks

        Following last week's benchmarks of OpenJDK 8 through the newly-released OpenJDK 14 JVM benchmarks, some Phoronix readers expressed interest in seeing Java benchmarks with Oracle's GraalVM as well as Amazon's Corretto JVM implementations. Here are some benchmarks of those benchmarks up against OpenJDK both for Java 8 and Java 11 releases.

        Last week's article was looking at OpenJDK 8 / 9 / 10 / 11 / 12 / 13 / 14 performance while today is looking at OpenJDK 8 and OpenJDK 11 up against GraalVM 20.0's Java 8 and Java 11 builds. Additionally, Amazon's Corretto 8.242.08 and 11.0.6.10 releases. The default garbage collector and other defaults were used on each setup.

    • Applications

      • Kubernetes 1.18: Fit & Finish

        We’re pleased to announce the delivery of Kubernetes 1.18, our first release of 2020! Kubernetes 1.18 consists of 38 enhancements: 15 enhancements are moving to stable, 11 enhancements in beta, and 12 enhancements in alpha.

        Kubernetes 1.18 is a “fit and finish” release. Significant work has gone into improving beta and stable features to ensure users have a better experience. An equal effort has gone into adding new developments and exciting new features that promise to enhance the user experience even more. Having almost as many enhancements in alpha, beta, and stable is a great achievement. It shows the tremendous effort made by the community on improving the reliability of Kubernetes as well as continuing to expand its existing functionality.

      • Our Essential List of Free Software for Remote Work

        Team chat has already become an essential tool for teams looking to be more collaborative and less reliant on email. At Purism we use Matrix for team chat, 1 to 1 calls, video conferencing via Jitsi (open source video conferencing), adhoc file sharing and all our community chat channels. Matrix is a distributed (federated) network, similar to email, which means you can communicate across Matrix servers and compatible services.

        You can self host Matrix or use a public instance like our own free Librem Chat service part of Librem One. All the goodness of Matrix conveniently hosted for you and accessible with one account that also gives you access to Librem Social, our hosted Mastodon instance, and our premium services: end-to-end encrypted email and VPN.

        [...]

        Most office-based teams already have email and things like a company newsletter but we thought we’d share how we manage ours. Our company email and Librem Mail are powered by Dovecot and we use GNU Mailman for our newsletter and mailing lists.

      • Daniel Stenberg: A curl dashboard

        When I wrote up my looong blog post for the curl’s 22nd anniversary, I vacuumed my home directories for all the leftover scripts and partial hacks I’d used in the past to produce graphs over all sorts of things in the curl project. Being slightly obsessed with graphs, that means I got a whole bunch of them.

        I made graphs with libreoffice

        I dusted them off and made sure they all created a decent CSV output that I could use. I imported that data into libreoffice’s calc spreadsheet program and created the graphs that way. That was fun and I was happy with the results – and I could also manually annotate them with additional info. I then created a new git repository for the purpose of hosting the statistics scripts and related tools and pushed my scripts to it. Well, at least all the ones that seemed to work and were the most fun.

        Having done the hard work once, it felt a little sad to just have that single moment snapshot of the project at the exact time I created the graphs, just before curl’s twenty-second birthday. Surely it would be cooler to have them updated automatically?

      • A QUIC look at HTTP/3

        Each HTTP session requires a TCP connection which, in turn, requires a three-way handshake to set up. Once that is done, "we can send data in a reliable data stream", Stenberg explained. TCP transmits data in the clear, so everyone can read what is transferred; the same thus holds true for the non-encrypted HTTP protocol. However, 80% of requests today are using the encrypted version, called Hypertext Transfer Protocol Secure (HTTPS), according to statistics of Mozilla (Firefox users) and Google (Chrome users). "The web is getting more and more encrypted", Stenberg explained. HTTPS uses Transport Layer Security (TLS); it adds security on the top of the stack of protocols, which are (in order): IP, TCP, TLS, and HTTP. The cost of TLS is another handshake that increases the latency. In return, we get privacy, security, and "you know you're talking to the right server".

        HTTP/1 required clients to establish one new TCP connection per object, meaning that for each request, the browser needed to create a connection, send the request, read the response, then close it. "TCP is very inefficient in the beginning", Stenberg explained; connections transmit data slowly just after being established, then increase the speed until they discover what the link can support. With only one object to fetch before closing the connection, TCP was never getting up to speed. In addition, a typical web page includes many elements, including JavaScript files, images, stylesheets, and so on. Fetching one object at a time is slow, so browser developers responded by creating multiple connections in parallel.

        That created too many connections to be handled by the servers, so typically the number of connections for each client was limited. The browser had to choose which of its few allowed connections to use for the next object; that led to the so-called "head-of-line blocking" problem. Think of a supermarket checkout line; you might choose the one that looks shortest, only to be stuck behind a customer with some sort of complicated problem. A big TCP efficiency improvement was added for HTTP/1.1 in 1997: open TCP connections can be reused for other requests. That improved the slow-start problem, but not the head-of-line blocking issue, which can be made even worse.

      • Best Image Editor for Ubuntu

        With the rise of the internet, the world has transformed in the blink of an eye, bringing about the invention of so many new technologies and development tools that have completely changed the lifestyles of the human population – for better or worse. This rapid evolution has greatly increased the demand for the freelancing business, which is becoming more and more popular by the day and slowly starting to dominate the workforce. One such freelancing profession that has slowly become an integral part of today’s industries is Graphic Designing.In a world where users of applications such as Instagram, Snapchat, and Twitter have significantly grown in number, this popularity of graphic designing hasn’t come off as a huge surprise. However, as the demand for graphic designers increased, so has the competition as well. Hence from among the abundance of image editors to choose from, one needs to be aware of which one would appear to be the best for you. With Photoshop not being compatible with Ubuntu and requires extra programs (Wine) for its installation, we decide to look at GIMP which has immensely grown in popularity in recent times.

    • Instructionals/Technical

    • Games

      • RADV Lands AMD GCN 1.0/1.1 Fix For DOOM Eternal On Linux Under Steam Play

        Doom Eternal was released this week by id Software as their first game atop the Vulkan-focused id Tech 7 engine. While it's another id Software game not seeing a native Linux port, with some tweaking the game can run under Steam Play / Proton. And now Mesa's RADV Vulkan driver has landed a fix for AMD GCN 1.0/1.1 era GPUs with a fix allowing those older graphics cards to handle this latest Doom title.

      • The RollerCoaster Tycoon 2 game engine 'OpenRCT2' has a new release up

        Ready to jump back into a classic? OpenRCT2, the free and open source game engine for playing RollerCoaster Tycoon 2 on modern systems has a fresh release up.

        Yet another wonderful FOSS project to keep an eye on just like how OpenRA (Red Alert, Dune 2000), openXcom (X-COM) and OpenMW (Morrowind) keep the classics alive so does OpenRCT2. Yesterday, version v0.2.5 "How not to be seen" was released bringing in some feature enhancements and plenty of bug fixes to make it a more pleasant experience.

      • Incredible 2D action RPG 'Chronicon' has a massive update with a Codex, Voice Acting and more

        Chronicon is a serious gem, honestly when it comes to an action RPG it's quite easily one of my favourites because it just feels so damn good. Last week, a massive update went out!

        There's a fancy new character build export/import system, so you can now save your builds and quickly swap between them. Also added is an in-game codex, that will track and lists progression in terms of areas visited, waypoints found, unique monsters killed, regular monsters killed and more. I'm quite a big fan of this Codex feature, something a few other games have to give you something fun to reflect on and compare with others. After all, you want to know you've slain 500 Ghouls right?

      • Dead Cells gets Half-Life content in a small update, plus a bigger update now in testing

        Dead Cells, the absolutely awesome action-packed mix of rogue-lite and metroidvania styling has a fresh small update out with a little Half-Life theme to it.

        Available right now to celebrate Half-Life: Alyx, the developers Evil Empire and Motion Twin have added in a HEV suit skin for your character, the iconic Half-Life crowbar and you can also make all the food items to find be from Half-Life too. Just a few fun tweaks but if you're also a Half-Life fan, it's something you absolutely need to go and find. Yes—you do need to find these new items, you're not just given them.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Plasma Bigscreen – A Dive Into Mycroft Skills, Voice Applications & More

          In this blog post I would like take you through an introduction to Mycroft GUI Skills and Voice Applications technology on Plasma Bigscreen and showcase some of the interesting stuff I have been working on for the Plasma Bigscreen Project which are available on the beta image release for the Raspberry PI 4. This beta image show cases not only media-rich voice applications but also applications specialised to fit the Bigscreen experience all developed under an open process, more information on them in the sections below.

          Plasma Bigscreen is the free open-source user interface experience for those big TV Screens, It consist of KDE Plasma technology powering the User Interface with Mycroft AI’s voice assistance technology packaged together on the image to provide a Smart TV platform and is based on KDE Neon.

          The experience when sitting 10 feet away from your TV just isn’t complete without having the ease of access to control it and that’s exactly the space in which Mycroft AI the open-source voice assistant experience fits right in to provide you with that hands free easy interaction.

        • Plasma Bigscreen

          Today I want to introduce a project I have been working on together (mostly in the background) with some colleagues of mine… Now with beta status reached, it’s time to more publicly talk about it: enter Plasma Bigscreen.

          Smart TVs are becoming more and more complete computers, but unfortunately there the experience tends to be a tight walled garden between proprietary platform, services and privacy-infringing features. Features which are very cool, like voice control, but in order to not pose a threat to the user privacy should be on a free software stack and depending less on proprietary cloud platforms where possible.

          Plasma BigScreen is a platform intended to use on smart TVs (trough a powerful enough small computing platform, such as the Raspberry Pi4, or any tiny computer if you need more power) with big remote-friendly UI controls, and Voice activation. What technology did we use for it? Plasma (of course!) and Mycroft.

        • How do most KDE websites use the same theme?

          Nearly all KDE websites use a unified theme across the board. This is part of the consistency goal, chosen as a KDE goal at the last Akademy in Milano (Italy).

          [...]

          KDE is using the Aether theme. This is a theme designed and initially developed by Ken Vermette, the talented artist that is also behind most of the Plasma wallpapers and some interesting design concept like DWD.

          This theme was originally based on one of the first Bootstrap 4 alpha version and later rebased on a stable Bootstrap 4 version. Using Bootstrap has its advantages and disadvantages.

          The biggest advantage is that it has a large community and a lot of bootstrap themes exist for CMS and static site generators. It can be easily adapted to your specific needs without starting from scratch every time.

          Another advantage is that Bootstrap is built using SASS and is designed to be extendable with tons of variables a developer can modify to globally change colors, layouts and a lot more. You can also specify the modules you want to use, and add your self-made components. For those interested in extending a Bootstrap theme, the official documentation is a great start. These capabilities were sadly not used when creating the Aether theme, but we are slowly moving to use more of the Bootstrap theming capabilities over time.

          The problem with Boostrap is that, because it is so popular, in its default from it looks like a generic website without any personal identity. Changing only the colors won’t help to make your website more unique.

          [...]

          We always need help with the websites, fixing papercuts, upgrading old websites to the new Jekyll/Hugo infrastructure, making sure information on the website is up-to-date, creating new beautiful home pages for your favorite projects and a lot more.

        • Season of KDE, 2020

          Finally, I am going to write about my experience as a student of Season of KDE 2020. A winter learning new things, learning what matters is not just writing code but writing good code. I would like to thank GCompris and KDE for giving me such an opportunity to be a part of the community and to try to bring happiness to people and kids using it around the world.

        • Season of KDE Final Report, 2020

          SoK ended finally on 17th February 2020. I am happy to share that I have completed the project “Add multiple datasets to several activities” and passed the final evaluation!!!

    • Distributions

      • Reviews

        • Tsurugi Linux Review: A Linux Distro For Digital Forensics, OSINT, And More

          Finding the best operating system always depends on the purpose and our work domain. If we need an OS for hacking, digital investigation, or forensics, we mostly opt for Linux-based distributions. And if we search for the best Linux distro for the same, we always encounter Kali Linux or Parrot.

          But it doesn’t mean that other distros are bad. There are various operating systems available that are also rising in the forensics and cyber investigation industry. Recently, I’ve been discovering other alternatives to Kali Linux and the first distro I covered lately was CSI Linux. Now, I want to introduce Tsurugi Linux — another Linux-based OS for the Cyber forensics and OSINT (Open Source Intelligence), which released its 2020.1 “Spring Edition” last week.

      • New Releases

        • Bodhi Linux 5.1.0 now available

          There are many Linux distributions nowadays. Some are unique, but many are largely repetitive and probably don't need to exist. One Linux-based operating system that manages to stand out is Bodhi, thanks to its use of the Moksha desktop environment.

          If you aren't familiar with Bodhi, please know it is a lightweight operating system that is based on the great Ubuntu. Today, Bodhi 5.1.0 becomes available. This new version is significant, as it is the first release since development leadership was changed last year.

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • SUSE offers free enterprise Linux support to medical devices manufacturers

          SUSE, a major Linux and open-source cloud company, will help any organizations building medical devices to fight COVID-19.

          The Germany-based company is doing this by offering free support and maintenance for its flagship SUSE Linux Enterprise Server (SLES) operating system and container technologies. These can be embedded in medical devices. These SUSE programs and their support packages are available immediately to meet the urgent demand to get medical devices into the hands of users as fast as possible.

        • SUSE Offers Its Technologies For Free To Combat COVID-19

          “The current global pandemic requires more from us than simply trying to survive as companies and individuals,” said SUSE CEO Melissa Di Donato. “We have cutting-edge open source technology and know-how that can help others in the fight to save lives, and we will share it immediately and without charge.”

        • SUSE’s Commitment to Combat COVID-19

          Open source is rooted in community – through unwavering collaboration, compassion, and innovation our global communities are stepping up to support those who are and may be affected by COVID-19. High performance computing, crowdsourcing, hackathons, and innovative tracking are all helping us win this unprecedented fight. From myself and everyone at SUSE, thank you for being the difference.

          SUSE is proud to be part of the open source community, and we are committed to doing our part to combat the COVID-19 pandemic. I am thrilled to share that SUSE is offering operating systems and container technologies for organizations that are producing medical devices to fight COVID-19. I encourage you all to read the press release below for more information about this new initiative. To learn more about this offer, please contact SUSE at CCO@suse.com.

        • Containers building with the Open Build Service

          If you are interested in containers building, maintenance and publishing then this video tutorial might be for you.

          It depicts the journey of a developer using the Open Build Service [1] to create and publish a container based solution using KIWI [2].

          I hope you can enjoy the video and I look forward to any feedback you may have.

        • 3 Ways Open Source is Helping to Tackle Climate Change

          Amid the current global pandemic and all of the research activity associated with it, our lives have changed dramatically. World economies have been greatly impacted, but I remain confident that things will recover in a few months. Open source software and supercomputers around the world have been helping in that research, as discussed in a recent blog post.

        • Start of SUSE Manager 4.1 Public Beta Program!

          We have a new Public Mailing List, so you can share your feedback with our Public Beta Community, our Engineering and our Product Managers.

        • SLE 15 SP2 Public Beta – Snapshot Updates (8,rc1)

          As you might know from our SLE 15 SP2 Public Beta announcement, we are now releasing fewer Public Beta ISOs but we are releasing weekly updates, called Snapshot, in our Beta Online Channels!

      • IBM/Red Hat/Fedora

        • Announcing the availability of Red Hat JBoss Enterprise Application Platform 7.3

          Today, we are announcing the general availability of Red Hat JBoss Enterprise Application Platform (EAP) 7.3, which introduces Jakarta Enterprise Edition (EE) 8 support, enhancements to operations on Red Hat OpenShift Container Platform and several new security features. JBoss EAP is an open source, Java EE 8 compliant and Jakarta EE 8-compliant application server that enables organizations to deploy and manage business-critical enterprise Java applications across hybrid IT environments, including bare metal, virtualized, private clouds or public clouds. With this release, Red Hat is continuing its commitment to Jakarta EE support and enabling customers to extend existing application investments as they continue to transition to emerging architectures and programming paradigms that require a lightweight, highly modular, cloud-native platform. What’s new in JBoss EAP 7.3

          Jakarta EE is the latest standard for building mission-critical enterprise Java applications, transitioning to the Eclipse Foundation where it continues to innovate via a collaborative, community-powered model. JBoss EAP 7.3 offers complete Jarkarta EE 8 support, including backwards-compatibility with the entire JBoss EAP 7 family of releases and the applications written for those earlier releases. This version also introduces new capabilities and enhancements that are designed to improve security, server management, observability and enhancements for JBoss EAP on Red Hat OpenShift. You can read more in the JBoss EAP 7.3 Release Notes, but here are the highlights...

        • Red Hat JBoss EAP 7.3 now supports SQL Server on Red Hat Enterprise Linux
        • npm joins GitHub, building operators in Kubernetes, and more industry trends [Ed: Red Hat's response to NSA's foremost partner Microsoft taking over the "supply chain" aggressively. "Resources"? It's an attack.]

          The impact: Open source supply chain security is a big problem that probably needs a lot more resources thrown at it.

        • On being part of the Fedora community
        • On being part of the Fedora community

          Hi, everyone. As I am sure you know, I often say that the “Friends” value of the Fedora Foundations is the one that’s personally most important to me. I want to remind everyone that when you are a Fedora contributor — a developer, a writer, an advocate, or any other role in our community — it’s important to keep the spirit of “be excellent to each other” in mind.

          Our Code of Conduct says: members of the Fedora community should be respectful when dealing with other contributors as well as with people outside the Fedora community and with users of Fedora. Please be extra-aware of how your actions even outside of our mailing lists, forums, and channels reflect upon Fedora as a whole.

          We just adopted a new vision statement: The Fedora Project envisions a world where everyone benefits from free and open source software built by inclusive, welcoming, and open-minded communities. We are continually working to make Fedora an inclusive place where all are welcome. I wish it did not need to be said, but here it is: personal attacks, innuendo, and inciting language are examples of things that do not create a welcoming community, and will not be tolerated in Fedora. We understand that even friends can disagree at times, and that emotions can lead to escalation. The Code of Conduct ticket queue is a safe place where folks can open up an issue to resolve difficult situations. Please make use of it if you ever feel it is warranted.

        • Fedora Adopts A New Vision Statement

          Fedora Project Leader Matthew Miller has sent out a reminder to Fedora contributors to "be excellent to each other" while announcing the project has a new vision statement.

        • Part 2: How to enable Hardware Accelerators on OpenShift, SRO Building Blocks

          In Part 1: How to Enable Hardware Accelerators on OpenShift we gave a high-level overview of the Special Resource Operator (SRO) and a detailed view of the workflow on enabling hardware accelerators.

          Part 2 will go into detailed construction of the enablement, and explain which building blocks/features the SRO provides to make life easier.

          The most important part is the DriverContainer and its interaction with the cluster during deployment and updates. We will show how we can handle multiple DriverContainer vendors, and how SRO can manage them.

        • Storage infrastructure for everyone: Lowering the bar to installing Ceph

          The last few years have seen Ceph continue to mature in stability, scalability and performance to become a leading open source storage platform. However, getting started with Ceph has typically required the administrator learning automation products like Ansible first. While learning Ansible brings its own rewards, wouldn’t it be great if you could simply skip this step and just get on with learning and using Ceph?

          Red Hat Ceph Storage 4 introduces a GUI installation tool built on top of the Cockpit web console. Under the covers, we still rely on the latest iteration of the same trusted ceph-ansible installation flows that have been with us since 2016.

        • Hacking the video stream for BlueJeans on Linux

          Like most of the rest of the world, I'm working from home and stuck inside. I saw some folks who had virtual backgrounds setup on Zoom, and I wondered if something like that was possible for the videoconferencing service that my employer (Red Hat) uses, BlueJeans. The short answer is: No. Bluejeans has no native support for anything other than a regular video cam stream.

          But this is Linux. We don't stop at the short answer.

          I started thinking, surely, it has to be possible to "man in the middle" the video stream. And indeed, it is. I did all of this on Fedora 32 (x86_64), but it should work anywhere else.

        • Talking about containers, virtual machines, and orchestration

          Throughout the two episodes, we explored my own personal history in coming to work with containers. From the bare metal cloud to virtual machines, to starting to use Docker, to delving into cloud environments. And, as Docker became the basic environment for both desktop and server environments, I clearly saw how everything became standardized for us in or by containers.

          With the growth of microservices, the management of containers becomes nearly impossible. The orchestration of containers becomes a thing. So, the niche for Kubernetes and other systems like it come to light. Even while Kubernetes has seen very good adoption rates over the past two years, as developers start to tune their own microservices mesh, they notice a lack of functionality in the vanilla Kubernetes. Then, here comes Istio.

          Companies like Google, IBM, and Lyft founded Istio. Istio answers some of the requirements for dealing with mesh, such as advanced load balancing methods, A/B testing, canary deployments, versioning, enforcing poliices, or just simply monitoring the services.

          Next up in the history of containers and solving some of the issues with microservices mesh based applications is OKD, the Origin Community Distribution of Kubernetes. They are also looking into the advantages of simplified streamlined deployment, management, operations, and security provided by maintained version of Kubernetes. And, finally, merging Kubernetes with all of the above capabilities we have Red Hat OpenShift.

          If you are interested in containers (and Docker, Kubernetes, Istio, or Kubernets on Red Hat OpenShift), join Marek and other IBM Developer Advocates in their webinars and other events.

      • Debian Family

        • [Older] Linux Mint Debian Edition (LMDE) 4 available for download

          At the time of writing, the Linux Mint project is still to announce the release of Linux Mint Debian Edition (LMDE) 4 but if you check out mirror services, you can grab the new version right now. The new update brings improvements that were shipped with Linux Mint 19.3 such as Cinnamon 4.4, new default software, a boot repair tool, and more.

          According to the ISO status page, the 32- and 64-bit LMDE 4 images were approved for stable release in that last several hours. While no announcement has been made, you can download them by heading to the Linux Mint mirrors page, selecting a mirror, heading into the debian folder and looking for LMDE 4. If you cannot see the ISO in the mirror you chose, just look on another mirror and you should find a download link.

        • Freexian’s report about Debian Long Term Support, February 2020

          Like each month, here comes a report about the work of paid contributors to Debian LTS.

        • Sparky named repos

          Developing and providing packages to Sparky based on Debian testing only was quite easy, it was just one branch, developed as a rolling release. No changes in repos required then.

          Everything changed after releasing Sparky on Debian stable and keeping the oldstable line as well.

          Every big upgrade, means from testing to a new stable, and stable to a new oldstable required manual changes in the repo lists.

      • Canonical/Ubuntu Family

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Events

        • Linux Plumbers Conference: LPC 2020 Call for Refereed-Track Proposals

          Note: We are still hoping to hold the conference as scheduled, but we are continually monitoring the pandemic situation. For current Covid-19 updates, please see our website https://www.linuxplumbersconf.org/#covid-19

          We are pleased to announce the Call for Refereed-Track Proposals for the 2020 edition of the Linux Plumbers Conference, which will be held in Halifax, Nova Scotia, Canada on August 25-27 in conjunction with the Kernel Summit and Linux Maintainers Summit, which takes place on August 28th.

          Refereed track presentations are 50 minutes in length (which includes time for questions and discussion) and should focus on a specific aspect of the “plumbing” in the Linux system. Examples of Linux plumbing include core kernel subsystems, toolchains, container runtimes, core libraries, windowing systems, management tools, device support, media creation/playback, accelerators, hardware interaction, and so on. The best presentations are not about finished work, but rather problems, proposals, or proof-of-concept solutions that require face-to-face discussions and debate.

        • Linux Plumbers Conference: LPC 2020 Call for Microconference Proposals



          We are pleased to announce the Call for Microconferences for the 2020 Linux Plumbers Conference, which will be held in Halifax, Nova Scotia, Canada on August 25-27 in conjunction with Kernel Summit and Linux Maintainers Summit, which takes place on August 28th.

          A microconference is a collection of collaborative sessions focused on problems in a particular area of Linux plumbing, which includes the kernel, libraries, utilities, services, UI, and so forth, but can also focus on cross-cutting concerns such as security, scaling, energy efficiency, toolchains, container runtimes, or a particular use case. Good microconferences result in solutions to these problems and concerns, while the best microconferences result in patches that implement those solutions.

          For more information on submitting a microconference proposal, visit our CfP page.

      • Web Browsers

        • Mozilla

          • How to switch from Microsoft Edge to Firefox in just a few minutes

            You’ve heard that Firefox is fast, private and secure, thanks to its built-in Enhanced Tracking Protection. You’ve also heard it’s made by people who want the web to be awesome for everyone. And now you’re ready to switch from Microsoft Edge to Firefox, but you’re worried that it’s too technically difficult or that you’ll lose your settings and information in the process.

            Fear not! Switching from Microsoft Edge to Firefox is fast and easy. Here’s how to import your bookmarks, history and passwords from Edge to Firefox, and make your new browser a home base.

          • Learn web technology at “sofa school”

            Lots of kids around the world are learning from home right now. In this post, I introduce free resources based on web technologies that will help them explore and learn from the safety of their living rooms. VR headsets and high-end graphics cards aren’t necessary. Really, all you need is a web browser!

          • TenFourFox FPR21b1 available

            TenFourFox Feature Parity Release 21 beta 1 is now available (downloads, hashes, release notes). I decided against adding the AltiVec GCM accelerator for this release, since it needs some extra TLC to convert from VSX to VMX, and I'd like to test the other major changes independently without introducing a bigger bug exposure surface than necessary. As promised, however, this release does have support for higher-speed 0RTT TLS 1.3 with HTTP/2 (particularly useful on Google properties) and has additional performance adjustments to improve parallelism of TLS connections to HTTP/1.x sites (mostly everybody else). I also updated Reader mode to the most current version used in Firefox 74, incorporating several important fixes; for a slow or complex site that you don't need all the frills for, try turning on Reader mode by clicking the "book" icon in the URL bar. You can do it even while the page is loading (reload after if not all of it comes up). FPR21 will go live with Firefox 68.7/75 on April 7.

          • Mozilla combines tracker blocking with paid, ad-free browsing

            Mozilla has partnered with Scroll to distribute funds to publications in place of ad revenue. This partnership offers Firefox users tracker-blocking technology and ad-free browsing.

            Last year, Mozilla partnered with Scroll -- a subscription service that enables ad-free browsing of its partner publications -- to analyze if a select group of users preferred paying a small fee rather than being served ads, and if the strategy was cost-effective for the publications. After seeing promising results, the two companies have announced the Firefox Better Web with Scroll beta program. The name is a mouthful, but essentially, it combines Firefox's tracker-blocking technology with Scroll's ad-free experiences on any browser. Users can opt in and pay an introductory price of $2.49 for the service, which enables them to read publications like The Atlantic, The Onion and USA Today, add-free. The publications, meanwhile, receive a share of the revenue that Scroll makes from the subscription costs.

      • FSF

        • GNU Projects

          • Spanish software to computerize healthcare in Cameroon and India

            In several rural Africa, a patient's medical history is reduced to a piece of paper. If the form is lost, the data is finished. Computerizing health centers would improve patient care and management of the services offered. Incorporate the technology to these poor databases It would help to obtain statistics and detect epidemics or spikes in diseases, in addition to guaranteeing better patient care due to monitoring, evolution, optimization of resources and extraction of statistical data. With this premise, the program developed by GNU Health, the NGO chaired by Luis Falcón. This Spanish computer engineer and doctor has installed free healthcare software as a tool for healthcare staff to improve the living conditions of their communities in countries such as Cameroon, India, Pakistan or Laos.

            "Traditional health management systems focus on the disease, which generates reactive and reductionist medicine," argues the expert. €«GNU Health has a multidisciplinary approach, with the disease prevention as main tools. It contains multiple indicators of social determinants of health, at the individual, family and society levels. Nutrition, educational level, family functionality are some of the many variables that we have to take into account if we want to improve the quality of life and health of our society. The latest technology in MRI is of little use to us if we do not end smoking, obesity or gender violence," he explains.

      • Programming/Development

        • Megvii’s open-source platform offers Chinese AI alternative

          Artificial intelligence company Megvii has open-sourced its self-developed deep learning framework MegEngine, allowing developers around the world to use and improve on the platform.

        • Andy Wingo: firefox's low-latency webassembly compiler

          WebAssembly, as you know, is a virtual machine that is present in web browsers like Firefox. An important initial goal for WebAssembly was to be a good target for compiling programs written in C or C++. You can visit a web page that includes a program written in C++ and compiled to WebAssembly, and that WebAssembly module will be downloaded onto your computer and run by the web browser.

          A good virtual machine for C and C++ has to be fast. The throughput of a program compiled to WebAssembly (the amount of work it can get done per unit time) should be approximately the same as its throughput when compiled to "native" code (x86-64, ARMv7, etc.). WebAssembly meets this goal by defining an instruction set that consists of similar operations to those directly supported by CPUs; WebAssembly implementations use optimizing compilers to translate this portable instruction set into native code.

          There is another dimension of fast, though: not just work per unit time, but also time until first work is produced. If you want to go play Doom 3 on the web, you care about frames per second but also time to first frame. Therefore, WebAssembly was designed not just for high throughput but also for low latency. This focus on low-latency compilation expresses itself in two ways: binary size and binary layout.

        • AMD Developers Looking At GNU C Library Platform Optimizations For Zen

          It's long overdue but AMD engineers are now looking at refactoring the GNU C Library (Glibc) platform support to enhance the performance for AMD Zen processors.

          Stemming from Glibc semantics that effectively "cripple AMD" in just checking for Intel CPUs while AMD CPUs with Glibc are not even taking advantage of Haswell era CPU features, AMD developers are now looking at properly plumbing AMD Zen platform support into this important C library for Linux users.

        • LLVM Developers Are Still Debating How To Handle The Intel JCC Erratum Mitigation

          Disclosed back in mid-November was the Intel JCC Erratum that required a CPU microcode update to mitigate and that in turn had broad performance hits. But via toolchain updates, some of that overhead can be offset. The GNU Assembler patches were quickly merged and new options exposed for helping to decrease that performance hit but on the LLVM side the developers are still working on their mitigation with some design decisions still to be made.

        • Swift 5.2 takes flight

          After a good half year of work, Swift is now available in version 5.2, bringing key path expressions as functions and callable values of user-defined nominal types to Apple’s general-purpose language.

          The two features mentioned are a result of the Swift Evolution process and show ways to realise more functional programming concepts. Callable values for example define function-like behaviour and can be called using function call syntax, something that wasn’t an option before.

        • Glibc's Usage Of Performance-Boosting "RSEQ" Is Still Coming Together

          Introduced into the Linux 4.18 kernel back in June 2018 was the new RSEQ system call for "Restartable Sequences" to provide faster user-space operations on per-CPU data by avoiding atomic operations updates. Sadly, seeing user-space make use of RSEQ has been a slow process.

          Restartable Sequences can make for faster querying of the current CPU number, incrementing per-CPU counters, modifying data protected by per-CPU spinlocks, writing/reading per-CPU ring buffers, and similar operations. One of the big potential users of RSEQ that we've been waiting to see its adoption on has been the GNU C Library (Glibc).

        • Reducing memory consumption in librsvg, part 3: slack space in Bézier paths
        • Build a Kubernetes Operator in 10 minutes with Operator SDK

          In Kubernetes, objects are analogous to a job or a completed task in the real world. You can use them to define common tasks, store them in a version control system, and apply them with kubectl apply. Kubernetes ensures that this triggers everything necessary to bring your declarative description to life by creating the depending resources (like pods) to run your software. Kubernetes contains a number of built-in object types that can be created with this workflow, like Deployments and Services.

          With Operators, Kubernetes allows cluster maintainers or software providers to define their own Kubernetes object types, called custom resource definitions (CRDs). These objects can be handled by the Kubernetes API, just like built-in object types. Inside the Operator code, authors can define how to act on those custom objects.

          The Operator user can use kubectl apply to create an object of this custom type, which is called a custom resource (CR).

        • Perl/Raku

          • Back to Paws

            It has been a little while since I played with my little PAWS and yes like many of us these days I have been just a little distracted, trip planned, trip changed, trip canceled etc etc etc.

            Anyway to recap where I left off I was just getting the 'SubscribeToShard' action to work with a HTTP stream to work, after a fashion anyway. Then I got side tracked a little playing about with the problem of testing if the stream was correctly sending data down the pipe and if I was decoding it correctly.

            As a byproduct of getting to the bottom of that I finally figured out what the PAWS 'Paginators' are for and I guess how to use them.

          • Getting started with hidden Markov models using Perl

            A Markov model (named after the mathematician Andrey Markov) is used for forecasting in systems of random change. Markov's insight is that good predictions in this context can be made from only the most recent occurrence of an event, ignoring any occurrences before the current one. The approach might be described as memoryless or history-agnostic prediction.

            Markov's first example (in 1913) predicted vowel occurrences in Pushkin's poem "Eugeny Onegin." The challenge today is to find a research area in which Markov models play no role. Such models are used to study thermodynamics and statistical mechanics; bioinformatics, enzyme activity, and population dynamics; solar irradiance and wind power; price trends; speech recognition and generation; data compression and pattern recognition; reinforcement learning and gesture recognition. The list goes on and on.

        • Python

          • Improving pretty-printing in Python

            The python-ideas mailing list is typically used to discuss new features or enhancements for the language; ideas that gain traction will get turned into Python Enhancement Proposals (PEPs) and eventually make their way to python-dev for wider consideration. Steve Jorgensen recently started a discussion of just that sort; he was looking for a way to add customization to the "pretty-print" module (pprint) so that objects could change the way they are displayed. The subsequent thread went in a few different directions that reflect the nature of the mailing list—and the idea itself.

          • Reading and Writing CSV Files in Python with Pandas

            There are many ways of reading and writing CSV files in Python. There are a few different methods, for example, you can use Python's built in open() function to read the CSV (Comma Separated Values) files or you can use Python's dedicated csv module to read and write CSV files. Depending on your use-case, you can also use Python's Pandas library to read and write CSV files.

            In this article, you will see how to use Python's Pandas library to read and write CSV files. However, before that let's briefly see what a CSV file is.

          • Python: Dict Setdefault And Getdefault

            In this post, we will discuss dict’s setdefault and getdefault in Python.

            These are two handy programming idioms in Python.

          • SimPy: Simulating Real-World Processes With Python

            The real world is full of systems, like airports and highways, that frequently experience congestion and delay. When these systems are not optimized, their inefficiency can lead to countless unhappy customers and hours of wasted time. In this tutorial, you’ll learn how to use Python’s simpy framework to create virtual simulations that will help you solve problems like these.

          • Learn Python Sys Module Functions

            In this article, we will take a look at the Python Sys Module. There are variables and functions that are maintained by the interpreter and the sys module provides a way of interacting with them. These variables are available until the interpreter is alive. We will have a glance at some of the commonly used sys functions.

            To work with the sys module you have to first import the module.

  • Leftovers

    • The Conquerors of America

      Patrick Weidhaas, a colleague of mine from the Lawrence Livermore National Laboratory, and also a colleague from the union group there (Society of Professional Scientists and Engineers) sent me a note saying...

    • Health/Nutrition

    • Integrity/Availability

      • Proprietary

        • The exFAT Filesystem Is Coming To Linux -- Paragon Software's Not Happy About It
        • The exFAT filesystem is coming to Linux—Paragon software’s not happy about it

          When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn't get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month's merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7—and Paragon doesn't seem happy about it.

          Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldn't have looked out of place on Steve Ballmer's letterhead in the 1990s.

        • ESET releases business edition of endpoint antivirus for Linux

          ESET has launched the latest version of ESET Endpoint Antivirus for Linux joining ESET’s existing product range catering extensively to Windows and MacOS. The new version is designed to provide advanced protection from threats to organisations’ general desktops. Powered by the advanced ESET LiveGrid technology, the solution combines speed, accuracy and minimal system impact, leaving more system resources for the desktops’ vital tasks in order to maintain business continuity.

          The company said its latest version of ESET Endpoint Antivirus for Linux is designed to meet the high standard of protection necessary in a corporate network, and now offers the same cutting-edge protection that exists for other operating systems. Key features include real-time file protection, more efficient scanning and increased stability, as well as full compatibility with the ESET Security Management Center and ESET Cloud Administrator. The software is intuitive to manage and can be deployed immediately and seamlessly.

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Linux Foundation

              • Keeping Tech Skills Up to Date From Anywhere, Anytime

                The Linux Foundation has been a 100% remote workforce for many years, so we are lucky to be in the position where the COVID-19 pandemic has not impacted our ability to deliver training and certification solutions. As a non-profit organization, our mission has always been to provide high quality, affordable programs to those who want and need them.

          • Entrapment (Microsoft GitHub)

            • COVID-19 vs open source: How developers are fighting the virus [Ed: Just promoting the illusion that proprietary software monopolists from Microsoft now speak 'for' Open Source]

              Programmers are in a unique position where not only can they typically work from home during the COVID-19 pandemic, but they can help lend a hand. Help fight COVID-19 and donate your computing power, help create a community app, and keep on social distancing!

        • Security

          • Security updates for Wednesday

            Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).

          • Securing open source through CVE prioritisation

            According to a recent study, 96% of applications in the enterprise market use open-source software. As the open-source landscape becomes more and more fragmented, the task to assess the impact of potential security vulnerabilities for an organisation can become overwhelming. Ubuntu is known as one of the most secure operating systems, but why? Ubuntu is a leader in security because, every day, the Ubuntu Security team is fixing and releasing updated software packages for known vulnerabilities. It is a continuous 24/7 effort. In fact, on average, the team is providing more than 3 updates each day, and the most vital updates are prepared, tested and released within 24 hours. To achieve that result, Canonical designed a robust process to review, prioritise and fix the most crucial software vulnerabilities first. Software vulnerabilities are tracked as part of the Common Vulnerabilities and Exposures (CVE) system, and almost all security updates published by the Ubuntu Security team (via Ubuntu Security Notices – USNs) are in response to a given public CVE.

          • Oracle Engineers Send Out Linux Patches For Trenchboot Secure Late-Launch Kernel Support

            Going back to over a year ago were discussions by Oracle engineers and others about a secure launch boot protocol for the Linux kernel to in turn tie into the Trenchboot open-source project working on various system integrity features. We are now finally seeing new patches out of Oracle for wiring more Trenchboot support into the Linux kernel.

          • Josh Bressers: Part 5: Which of these security problems do I need to care about?

            If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article. Or not, I mean, whatever.

            I’ve spent the last few posts going over the challenges of security scanners. I think the most important takeaway is we need to temper our expectations. Even a broken clock is right twice a day. So assuming some of the security flaws reported are real, how can we figure out what we should be paying attention to?

          • Privacy/Surveillance

            • The Pandemic Surveillance State

              In anticipation of the post-COVID-19 world, bold statements are being made on how we will, as a race, be wiser, even kinder; cautious, and reflective.€  If history is ever a lesson on anything, such statements are bound to be the fatuous utterances of a moment, soon forgotten.€  What is left, instead, are the policy legacies, the detritus of bad decisions made on the long march of folly.

            • Bringing encryption restrictions in through the back door

              The composition of the commission includes three administration officials, the Attorney General, Secretary of Homeland Security, and chairman of the Federal Trade Commission, along with 16 other members in several different groups. Four will be from law enforcement or the prosecution of CSAM crimes, four will be either survivors of those crimes or professionals who work with the victims, four from the "interactive computer service" industry, two experienced in constitutional law, consumer protection, or privacy, and two computer scientists experienced in "cryptography, data security, or artificial intelligence". That mention of "cryptography" is as close as the bill gets to talking about encryption.

              The commission only requires 14 of its members to agree on the best practices, however, so the computer scientists and consumer-protection specialists could be ignored entirely, for example. Worse than that, though, is that the Attorney General and other administration officials effectively have veto power over the best practices list. Since they will be participating in the formulation of the list, it seems a tad unlikely that it will not be to their liking. Since the current Attorney General (and, really, all of his predecessors no matter which of the two dominant parties is appointing them) is strongly anti-encryption, one would guess that providing a backdoor "for law enforcement" will make the list.

              But the consequences of not following these commission-established rules is where the "earn" part comes in. Companies that offer interactive computer services are currently shielded from liability based on the actions of their users via section 230 of the Communications Decency Act (CDA), which came about in 1996. It effectively treats service providers as mere conduits, rather than as publishers; the latter have far more liability for the content they purvey. Under EARN IT, though, service providers would only continue to receive section 230 protection if they follow the practices that the commission "recommends". Thus, they would earn their right be treated as telecommunications providers—but only if they bow to the best practices, which will certainly curtail true end-to-end encryption for users.

    • Environment

      • Energy

      • Wildlife/Nature

        • The Nez Perce-Clearwater Forest Plan Has No Accountability

          The Forest Service is currently accepting public comments on the Draft Environmental Impact Statement for the forest plan revision on the Nez Perce and Clearwater National Forests. The comment deadline is April 20. The National Forest Management Act (1976) mandates all national forests to have a resource management plan or forest plan. Forest plans dictate the management direction of a particular forest. The new, single plan for the Nez Perce and Clearwater National Forests will potentially guide management for the next few decades.

    • Finance

    • AstroTurf/Lobbying/Politics

      • The Case for an Indictment of the US Government for Criminal Negligence for its Bungled Response to COVID-19

        The charge is criminal negligence. Criminal Negligence exists as follows: “Everyone is criminally negligent who in doing anything, or in omitting to do anything that it is his duty to do, shows wanton or reckless disregard for the lives or safety of other persons.”

      • Trump and the Virus: It's All About the Base

        In confronting the coronavirus pandemic, it is striking that President Trump, who normally likes to be seen as The Man in Charge, driving events, has instead dragged his feet when pressed to take decisive, radical measures that most experts argue are necessary to avert the most catastrophic infection and death rates.€  For months he downplayed the seriousness of the outbreak, before finally in the last week or so finally accepting that it is indeed serious.€  He then, ludicrously, claimed that he knew it was a pandemic long before it was called one.€  Was he then lying to the public earlier?€  Or is he lying now?

      • Harish Pillay 9v1hp: No. Internet voting is still a No Go.



        I was asked by a friend why is it that we can’t do voting over the Internet. With all of the digitisation being done globally, and the ongoing COVID-19 issue, shouldn’t Singapore – the Smart Nation – have the general elections (which is due no later than April 2021) be done over the Internet?

        One word answer: No.

        Yes, you have done plenty of Internet banking transactions. You’ve sent money to phone numbers, you’ve received monies etc. You’ve bought stuff using your credit card over the Internet and received the goods. And yes Amazon, Alibaba, Paypal, eBay etc are multi-billion businesses that accept payments over the Internet. It is safe and it works.

        Why? Because of the simple transaction involved: you know what you paid – you can check the ledger and the recipient can check as well. E-commerce sites can see the transactions just as clearly as those involved in the transactions.

        There is no secrecy within a transaction here. There is secrecy across all transactions, but each participant in a transaction knows all the details.

        When you transfer $100 to a bank account over the Internet, you can check that it was delivered/received. You can check that your account was reduced by $100 and the recipient’s increased by $100.

        But if you are NOT part of a transaction, you have no idea what happened. So, global secrecy is enforced and that’s all well (hence money laundering, bribery etc thrives).

        The democratic process of voting has one critical thing that is different from the usual electronic transactions: the participants of the transaction DON’T KNOW WHAT TRANSPIRED because of vote secrecy.

    • Civil Rights/Policing



Recent Techrights' Posts

Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
 
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024