Bonum Certa Men Certa

Links 27/8/2020: Kubernetes 1.19, 2020 Linux Kernel History Report, Linux Foundation Board Member From Microsoft Liaises With Microsoft Tim



  • GNU/Linux

    • HBO Max cranks up the Widevine DRM, leaves Linux users in the cold

      Unfortunately, trying again later won't help—the root cause of the problem is that the Widevine DRM attempting to protect HBO Max's content from pirates is refusing to recognize any Linux system as a known platform. We saw the same thing happen in January, when CBS All Access suddenly stopped working on Linux in the same way. When we asked CBS executives if they had enabled the Verified Media Path (VMP) requirement on their Widevine server, they suddenly clammed up—but later that day, the service miraculously worked for Linux users again.

      We did verify that HBO Max will not work on Linux browsers and that the problem is—once again—Widevine DRM refusing to issue a license. Although HBO Max has not returned requests for comment at press time, it seems very likely that the cause here is the same as it was for CBS All Access back in January. It seems like somebody enabled Verified Media Path on the Widevine server, and since the Linux kernel is not a verified media path, Linux users can't get a license and can't watch the content.

      We're hopeful that once HBO Max gets the word that this decision locked out a small percentage of their users—and getting them back is as simple as toggling an option "off" again—they'll get their Linux users back online, just as CBS did back in January. We'll update here if and when we hear back from HBO Max executives, or if the situation otherwise changes for their Linux users.

    • Audiocasts/Shows

      • FLOSS Weekly 593: TrustyAI - Combining Machine Learning Algorithm, and Decision Logic

        TrustyAI is a new open-source initiative from within the Knowledge Is Everything (KIE) Group that's designed to increase trust in the decision-making processes that depend on AI predictive models. With TrustyAI, decisions can be regulated to go against human bias and can be used in multiple different areas including, medical diagnosis, loan approvals, and so much more. Doc Searls and Jonathan Bennett talk with an executive at Red Hat, Rebecca Whitworth who is leading the team and research into TrustyAI. They discuss the importance of having artificial intelligence be open and fair and what it truly means to "Trust" AI.

      • Destination Linux 188: BASH vs ZSH vs FISH: What Is The Best Linux Shell?

        On this week’s episode of Destination Linux, the #1 video-centric Linux podcast on the planet. We’re going to talk about the subject of the best Unix Shell is it time to switch away from BASH? We have a new Kali Linux out with some surprising changes. A new games just dropped for Linux and it has a very dark premise. Later in the show we’ll give you our popular tips/tricks and software picks. Plus so much more, coming up right now on Destination Linux.

      • Unfettered Freedom, Ep. 4

        Unfettered Freedom is a video podcast that focuses on news and topics about GNU/Linux, free software and open source software.

      • VimWiki Diary: Who Needs Schedling App When You Have Vim

        I've been using vimiwiki to do all of my note taking for quite a while now and I recently did a video on a scehduling app but it didn't click with me until someone mentioned in the comments section that Vimwiki has a built in diary feature called Vimwiki Diary, it doesn't require any extra plugins it just works out of the box.

    • Kernel Space

      • Theoretical vs. practical cryptography in the kernel

        Shortly before the release of the 5.8 kernel, a brief patch to a pseudo-random-number generator (PRNG) used by the networking stack was quietly applied to the kernel. As is the norm for such things, the changelog gave no indication that a security vulnerability had been fixed, but that turns out indeed to be the case. The resulting controversy had little to do with the original vulnerability, though, and everything to do with how cryptographic security is managed in the kernel. Figuring prominently in the discussion was the question of whether theoretical security can undermine security in the real world. Port numbers assigned to network sockets are not an especially secure item — they are only 16 bits, after all. That said, there is value in keeping them from being predictable; an attacker who can guess which port number will be assigned next can interfere with communications and, in the worst case, inject malicious data. Seemingly back in March, Amit Klein reported a port-guessing vulnerability to the kernel's security team; properly exploited, this vulnerability could be used to inject malicious answers to DNS queries, as one example.

        The source of the problem comes down to how the kernel selects port numbers, which should be chosen randomly so as to not be guessable by an attacker. The kernel is able to generate random numbers that, as far as anybody knows, are not predictable, but doing so takes time — more time than the network stack is willing to wait. So, instead, the networking code calls prandom_u32(), which is a much simpler PRNG; it is effectively a linear-feedback shift register. That makes it fast, but unsuited to cryptographic operations; its output is a relatively simple function of its state, so anybody who can figure out what its internal state is can predict its output going forward. Klein, it seems, was able to do exactly that by observing the port numbers assigned by the kernel.

      • 5.9 Merge window, part 2

        By the time Linus Torvalds released 5.9-rc1 and closed the merge window for this cycle, 12,866 non-merge changesets had been pulled into the mainline repository. Nearly 9,000 of those came in after the first 5.9 merge-window summary was written. Clearly the kernel-development community remains busy. Much of what was merged takes the form of cleanups and restructuring, as always, but there was also a substantial set of new features.

      • OpenZFS Support Merged Into Mainline FreeBSD

        Following ongoing work for over a year on moving to OpenZFS for FreeBSD's ZFS file-system support, FreeBSD HEAD overnight has imported the OpenZFS code-base.

        Earlier this year OpenZFS saw the FreeBSD support added. In the months since OpenZFS has continued seeing BSD improvements as well as other improvements on its own like Zstd compression for OpenZFS.

        The milestone now being crossed is the OpenZFS file-system code is imported into FreeBSD HEAD.

      • OpenZFS 2.0-RC1 Released With Unified Linux/BSD Support, Zstd Compression & Much More

        The first release candidate of the forthcoming OpenZFS 2.0 is now available for testing on both Linux and BSD systems.

        OpenZFS 2.0 is a huge feature release for this well maintained, portable open-source ZFS file-system implementation. OpenZFS 2.0 brings unified support for both Linux and now FreeBSD too. FreeBSD just mainlined the OpenZFS code and has been working for many months now on transitioning over to this more maintained and active ZFS file-system code-base.

      • Relying on plain-text email is a 'barrier to entry' for kernel development, says Linux Foundation board member

        Linux kernel development – which is driven by plain-text email discussion – needs better or alternative collaborative tooling "to bring in new contributors and maintain and sustain Linux in the future," says Sarah Novotny, Microsoft's representative on the Linux Foundation board.

        Said tooling could be "a text-based, email-based patch system that can then also be represented in a way that developers who have grown up in the last five or ten years are more familiar with," she added.

        Novotny has been at Microsoft for just over a year, working in Azure's Office of the CTO where she describes herself as an “open source wonk.” She came from Google, where she was head of open-source strategy for the web giant's Cloud Platform. “I have a broad remit to investigate and engage in open source across the company,” she told us.

      • Download the 2020 Linux Kernel History Report

        Over the last few decades, we’ve seen Linux steadily grow and become the most widely used operating system kernel. From sensors to supercomputers, we see it used in spacecraft, automobiles, smartphones, watches, and many more devices in our everyday lives. Since the Linux Foundation started publishing the Linux Kernel Development Reports in 2008, we’ve observed progress between points in time.

        Since that original 1991 release, Linux has become one of the most successful collaborations in history, with over 20,000 contributors. Given the recent announcement of version 5.8 as one of the largest yet, there’s no sign of it slowing down, with the latest release showing a new record of over ten commits per hour.

      • Commit 1 million: The history of the Linux kernel

        While the Foundation has issued several Linux kernel history reports before, this one is unique. That's because, thanks to the work of Dr. Daniel German and his cregit tool, it's now possible to track all three of the kernels' different development stages: Pre-version control, September 1991 until February 4, 2002; BitKeeper, February 4, 2002 to April 15, 2005; and git, April 16, 2005 to today. Cregit enables developers and researchers to track who's responsible for significant source code changes.

        If you're new to Linux, you may not know that version control was a hot-button issue in the 2000s. For over a decade, Linux had no version control system (VCS) at all. You'd post your patch to the mailing list, and if Torvalds accepted it he'd apply it to his own source tree and then post a new release of the whole tree.

        There were VCSs available, such as Concurrent Versions System (CVS) and Subversion, but Torvalds didn't like any of them. Thanks to community pressure, however, Torvalds finally picked one: BitKeeper.

      • DigitalOcean & Others Still Working On Core Scheduling To Make Hyper Threading Safer

        With vulnerabilities like L1TF and Microarchitectural Data Sampling (MDS) prominently showing the insecurities of Intel Hyper Threading, DigitalOcean and other organizations continue spearheading a core scheduling implementation for Linux that could allow HT to remain enabled but with reducing the security risk.

        DigitalOcean has been working on Linux core scheduling for more than one year as a means of ensuring only trusted applications get scheduled to run on siblings of a core. At the same time, the scheduler aims to try to avoid using SMT/HT in areas where it could degrade the performance.

      • Graphics Stack

        • Mesa Softpipe Set To See Better Performance, Introducing New NIR-To-TGSI Path

          Mesa Gallium3D is close to seeing a major change in their intermediate representation path for drivers consuming Gallium's TGSI rather than NIR directly. Eric Anholt has been working on a NIR-to-TGSI path so that drivers still relying on TGSI can benefit from the NIR optimization paths and improvements while ultimately hoping to eliminate the existing GLSL-to-TGSI code-path currently relied upon by these drivers.

        • hipSYCL Seeing New Runtime For This SYCL Implementation For CPUs + ROCm/CUDA GPUs

          The hipSYCL effort has been about supporting the Khronos SYCL single-source language built on C++ across any CPU with OpenMP as well as AMD Radeon GPUs via ROCm and NVIDIA GPUs via CUDA. The hipSYCL effort has a new "Lite" experimental runtime under development.

        • Mike Blumenkrantz: Clear Out

          Once more jumping around, here’s a brief look at an interesting issue I came across while implementing ARB_clear_texture.

          When I started looking at the existing clear code in zink, I discovered that the only existing codepath for clears required being inside a renderpass using vkCmdClearAttachments. This meant that if a renderpass wasn’t active, we started one, which was suboptimal for performance, as unnecessarily starting a renderpass means we may end up having to end the renderpass just as quickly in order to emit some non-renderpass commands.

          I decided to do something about this along the way. Vulkan has specific commands for clearing color and depth outside of renderpasses, and the usage is very straightforward. The key is detecting whether they’re capable of being used.

        • NVIDIA's Director of Software Development Talks Up Open-Source

          While NVIDIA's desktop graphics drivers may not be open-source, there are other open-source projects maintained by NVIDIA that we have covered over the years particularly in the high performance computing and visual design space, among other interesting bits. Dirk Van Gelder who is NVIDIA's Direct of Software Development gave a talk this week about some of the open-source efforts engaged in by the company.

          Not related to any open-source driver work/announcement but rather open-source at large within the graphics giant, Dirk presented at the Academy Software Foundation's Open-Source Day about the areas they are engaged in with open-source. Dirk joined NVIDIA earlier this year as their Direct of Software Development after serving the prior two decades at Pixar.

    • Applications

      • Kubernetes 1.19: Accentuate the Paw-sitive

        Finally, we have arrived with Kubernetes 1.19, the second release for 2020, and by far the longest release cycle lasting 20 weeks in total. It consists of 33 enhancements: 12 enhancements are moving to stable, 18 enhancements in beta, and 13 enhancements in alpha.

        The 1.19 release was quite different from a regular release due to COVID-19, the George Floyd protests, and several other global events that we experienced as a release team. Due to these events, we made the decision to adjust our timeline and allow the SIGs, Working Groups, and contributors more time to get things done. The extra time also allowed for people to take time to focus on their lives outside of the Kubernetes project, and ensure their mental wellbeing was in a good place.

        Contributors are the heart of Kubernetes, not the other way around. The Kubernetes code of conduct asks that people be excellent to one another and despite the unrest in our world, we saw nothing but greatness and humility from the community.

      • Bpytop - An Efficient Resource Monitor in Linux

        For terminal lovers, having the ability to monitor your system resource usage is just as crucial. Being aware of your systems' resource utilization helps you make informed decisions in general system maintenance. There are a few options out there such as top and htop, but these only display a few system metrics such as CPU and memory usage. Bpytop is an efficient and visually appealing terminal-based resource monitor with a game inspired theme that displays various system resources.

      • Protect your Privacy and Freedom with Session: A Free Onion-powered Messenger

        Privacy is not a luxury, it's a necessity. Unfortunately, It's hard to find privacy-focused applications that really consider its users. Our topic today is about one of this rare privacy-focused app: Session. So what's Session?

        [...]

        Session is an open-source project that is released under GPL-3.0.

      • Jonas Meurer: cryptsetup-suspend

        Today, we're introducing cryptsetup-suspend, whose job is to protect the content of your harddrives while the system is sleeping.

      • Intel To Release OSPray Studio Scene Graph Application Soon As Part Of oneAPI

        As part of the virtual SIGGRAPH20, Intel is using the opportunity to talk up their ray-tracing efforts.

        Intel's SIGGRAPH20 focus is largely on their software side with oneAPI.

    • Instructionals/Technical

    • Wine or Emulation

      • Wine-Mono Won't Bother With .NET 5.0 - The Official Microsoft Binaries Should Work Fine

        Microsoft announced on Tuesday that the .NET 5.0 release is now "feature complete" for this major overhaul of .NET that breaks compatibility with prior versions. Microsoft .NET 5.0 has many changes to its libraries and runtimes, introduces WebAssembly support, support for single file applications/executables, new APIs, better performance, and much more.

        While normally new .NET releases are a major pain for the likes of Wine in trying to support Windows .NET applications on Linux and other platforms, the .NET 5.0 milestone shouldn't be such a pain point.

    • Games

      • Hacking GOG.com for fun and profit

        If you have a GOG account, you might have received an email announcing a Harvest Sale. While it’s unusual for harvest to last only 48 hours, but apart from that naming blunder, the sale is no different than many that came before it. What caught my attention was somewhat creative spot the difference puzzle that accompanied it. Specifically, as pretext to share some image processing insights.

      • Linux Format has a Collabora dev talk about Steam's Linux container 'Pressure Vessel'

        Linux Format issue 267 went out today (not affiliated) and in it there's a rather wonderful interview with Simon McVittie, a software engineer at Collabora who also works on things for Valve to do with Steam on Linux.

        In the latest interview, McVittie talks a little about all the work they do including being a Debian contributor and for GNOME too. If you're interested in learning more about the people working behind the scenes, it's quite an interesting interview. Especially so, if you're a Linux gamer. McVittie has also been working on Pressure Vessel, a container system for Steam on Linux to run games inside and hopefully ensure they work pretty much everywhere. For regular readers here at GOL, this hopefully won't be brand new news, as we've written about it a few times (#1, #2) before.

      • Drone building game 'Nimbatus' has a first major post-release update

        Nimbatus is a game where you can let creativity flow and design some really wild and explosive stuff, now even more so with a major update out.

        Not played it or seen it? You get to go through a random campaign, hopping from one planet to the next as you build up a powerful drone block by block. This can be entirely manual to get into the action, or you can attach various simple logic blocks and sit back to watch the fireworks. There's also various PvP modes too.

        It released in full back in May, with the first major update out now. This free upgrade includes the ability to multi-select drone parts when editing, store drone parts as templates to re-use, new tutorials, a free camera option for the Programmer captain and various bug fixes. There's also some new building parts you can use including wheels, a grappling hook and a ballast tank. Certainly will be amusing to see what drones people come up with to use them. Springs also gained a linear option, which they say allows for better suspension on wheels.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • What is the KDE Project and Community?

          The KDE Project, which is short for K Desktop Environment, is an international organization that started as a desktop environment but soon evolved into a community whose main aim is the development of free, open-source software for different platforms.

          KDE is one of the largest open-source international communities out there that have become well known for creating stable and high-quality applications for both the desktop and mobile. The community of KDE is made up of all sorts of people with a diverse set of skills – programmers, writers, translators, artists, and so on.

          It is precise because of this diversity that has allowed KDE to reach the heights that it has touched upon right now.

        • Virtual Conference Setup Details

          While the OBS-based setup is certainly very powerful (and this isn’t even scratching the surface), it’s also complex and fragile, particularly given my limited familiarity with the involved technologies. Not ideal, as the last thing you want is fighting setup issues during a live presentation. So let’s see how well this holds up at KDE Akademy in less than two weeks :)

        • Sending Multimedia messages, KDE Connect (GSoC 2020 – Final evaluation)

          So GSoC’s final evaluation has started. I am really happy that all tasks have been finished on time. Most of them already merged into master and I hope last ones would also merge soon.

          For the last three months I have been working on MMS support in KDE Connect SMS app and plugin. Since my last status update I had been working on adding support to allow the users to attach multimedia files to the MMS messages and also added support to record audio and send it to the destination. Apart from these I have also worked on fixing some bugs and implementing an event notifier for SMS plugin which notifies the desktop SMS app about the failure in sending the messages and changes of settings on the remote device.

          Here is a short demonstration of the overall features of KDE Connect which I have worked upon till now!

        • Google Summer of Code 2020 - Post 9

          During the last days I finished adding a directed acyclic graph layout algorithm to the Rocs graph-layout plugin. This includes an implementation of the algorithm itself, functional tests, non-functional tests, documentation and the following user interface.

        • Google Summer of Code 2020 – week 12

          Hello! This is the post about my week 12 and, probably, also my final post for GSoC 2020.

          You can see my Merge Request in regards to the support of text annotation here. Today I will talk about what I have done this week and also show the progress of marK so far near the end of GSoC.

      • GNOME Desktop/GTK

        • Andrei Lisita: GSoC 2020 Final Submission

          This summer is slowly coming to an end and with it the final month of Google Summer of Code. This blog post will serve as the final submission for my participation. I’ll go one by one over the Merge Requests that got accepted into Epiphany and give a short description of my work.

    • Distributions

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • What’s new in Kubernetes 1.19

          Thanks to Sascha Grunert for the technical content of this post. In addition to being a member of the Containers Squad of the SUSE CaaS Platform team, Sascha is Technical Lead in the Kubernetes Release Engineering Subproject, which is part of SIG Release. He participated in many Kubernetes release cycles from different roles and is thrilled to give you an update about the next version. SUSE congratulates the Kubernetes Project on another evolution of the most popular container orchestration and management platform, which forms the basis of our SUSE CaaS Platform. You can expect to see Kubernetes 1.19 supported in a future SUSE release.

          [...]

          Two Common Vulnerabilities and Exposures (CVE) will be fixed in Kubernetes v1.19.0. The first one is CVE-2020-8559, which allows a privilege escalation from a node inside the cluster. This means if it is possible to intercept certain requests to the Kubelet, then an attacker could send a redirect response that may be followed by a client request using the credentials from the original request. This can lead to compromise of other nodes inside the cluster.

          The other fixed vulnerability is CVE-2020-8557. This CVE allows a Denial of Service (DoS) via a mounted /etc/hosts file inside a container. If a container writes a huge set of data to the /etc/hosts file, then it could fill the storage space of the node and cause the node to fail. Root cause for this issue was that the kubelet does not evict this part of the ephemeral storage.

        • SUSE plots edgier Kubernetes with Linux behind the wheel

          SUSE has had a busy year, with a switch of CEO, the ditching of OpenStack, and the buy of Kubernetes darling Rancher Labs.

          The Register spoke to the veteran Linux flinger's president of Engineering and Innovation, Thomas Di Giacomo, and CTO and openSUSE chair Gerald Pfeifer, about cars, Kubernetes, open source and life free from the clutches of its previous owner.

          Last month's Rancher Labs slurp highlighted the freedom SUSE now enjoys after it was jettisoned from Micro Focus in 2018.

        • The Dog days of Summer means we are that much closer to SUSE Digital Partner Summit

          Two weeks – we’ll be firmly in September with kids in some form of school AND the SUSE Digital Partner Summit beginning its first day (hint: register!). As mentioned in an earlier post day, 1 features a keynote from Melissa Di Donato and Paul Devlin and the announcement of the SUSE One Partner Program and why the program is evolving to the specializations of INNOVATE, BUILD, SELL, MANAGE, SERVICE and TRAIN to be covered by Rachel Cassidy. Rachel will be joined by Julie Baldwin as they discuss how one of our partners have found ways to stay relevant in a cloud-first world.

      • IBM/Red Hat/Fedora

        • MIR JIT Aiming For First Release Later This Year By Red Hat Developer

          Vladimir Makarov of Red Hat spoke at this week's Linux Plumbers Conference during the GNU Tools Track on lightweight JIT compilers and the effectiveness (or not) of GCC's JIT implementation as well as LLVM's JIT in the context of just-in-time support for Ruby. But following those shortcomings with GCC/LLVM JIT, he's been working on MIR as a lightweight JIT compiler.

          We first covered MIR at the start of the year as the Medium Internal Representation and aims to be a lightweight JIT inspired by shortcomings off GCC and LLVM JIT support. MIR so far remains catered towards Ruby usage though there is work on going from LLVM IR to MIR.

        • Build Smart on Kubernetes Hands-on Learning Journey

          As containerization grows in popularity, Kubernetes continues to lead as an open source system for container orchestration. From process automation to the simplification of scaling applications, it is truly an exciting time to be building the next generation of services that are ushering in a new age of technology. However, as the popularity of Kubernetes continues to grow, we know that it’s hard to keep track of new capabilities and resources to continuously improve the efficiency of builds. To address this issue of the overabundance of useful information, IBM Developer created the Build Smart on Kubernetes Hands-on Learning Journey workshop, which is happening September 15-17.

          The Build Smart on Kubernetes Hands-on Learning Journey is a virtual progressive workshop in 3 parts, held 2 hours per day. This workshop jumpstarts your understanding and experience of application development on Kubernetes featuring Red Hat OpenShift. Starting with an exploration of containers, you rapidly move into a series of hands-on experiences that demonstrate why Red Hat OpenShift is a rich, enterprise Kubernetes platform for the development of cloud-native applications.

        • Contribute at the Fedora Test Week for Btrfs

          The Fedora Project is changing the default file system for desktop variants, including Fedora Workstation, Fedora KDE, and more, for the first time since Fedora 11. Btrfs will replace ext4 as the default filesystem in Fedora 33. The Change is code complete, and has been testable in Rawhide as the default file system since early July. The Fedora Workstation working group and QA team have organized a test week from Monday, Aug 31, 2020 through Monday, Sep 07, 2020. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.

      • Debian Family

        • Andrew Cater: The Debconf20 song

          The DebConf 20 song - a sea shanty - to the tune of "Fathom the bowl"

          Here's to DebConf 20, the brightest and best Now it's this year's orga team getting no rest We're not met in Haifa - it's all doom and gloom And I'm sat like a lifer here trapped in my room

        • SparkyLinux 2020.08 GameOver, Multimedia and Rescue Editions Are Out Now

          The SparkyLinux developers announced today the general availability of three more editions in the latest SparkyLinux 2020.08 release, namely GameOver, Multimedia, and Rescue.

          Shipping with the same improvements that are present in the SparkyLinux 2020.08 LXQt, MATE, Xfce, MinimalGUI (Openbox), or MinimalCLI editions announced last week, the SparkyLinux 2020.08 GameOver, Multimedia and Rescue editions have been synced with the Debian Testing “Bullseye” repositories as of August 24th, 2020.

          Among the biggest changes in SparkyLinux 2020.08, there’s the Linux 5.7.10 kernel for better hardware, which is accompanied by the Linux 5.8.3 and 5.9 RC2 kernels in the SparkyLinux unstable repositories for those who want bleeding-edge support, and the latest GCC (GNU Compiler Collection) 10 as default system compiler.

      • Canonical/Ubuntu Family

    • Devices/Embedded

      • The design behind a modular and secure mobile phone
      • Nexcom launches four Linux-driven in-vehicle edge-AI PCs with Google’s Edge TPU

        Nexcom announced two Coffee Lake and three Apollo Lake in-vehicle systems that ship with Google’s Coral Edge TPU mini-PCIe cards and 4x to 8x PoE ports. Google recently released an open source runtime for the Edge TPU.

        Google’s Coral AI family of Linux-driven products built around its 4TOPS @ 2W Edge TPU neural accelerator has yet to seriously challenge Nvidia’s Jetson modules in edge AI. Yet, we’re starting to see some third-party products supporting the Edge TPU, including Asus’ Tinker Edge T variant of Google’s Coral Dev Board, which similarly runs on its i.MX8M and Edge TPU equipped Coral SOM. Yesterday, Nexcom announced four variations of existing Intel Apollo Lake and Coffee Lake based vehicular computers plus one upcoming model that ship with the Edge TPU equipped Coral PCI-E Accelerator mini-PCIe card. (See farther below for brief summaries.)

      • Open Hardware/Modding

        • NODE Mini Server V3 Transforms Raspberry Pi 4 Into a Server or Mini PC

          Hardware hacker NODE has had a busy month starting with the announcement of Zero Terminal V3 modular Raspberry Pi Zero W powered handheld PC, and now he’s just showcased NODE Mini Server V3 that transforms a Raspberry Pi 4 into a compact server or mini PC.

        • MIDI-controlled slide whistle made with an Arduino Due

          Slide whistles and recorders can be great for learning music, and perhaps a bit of fun, but what about teaching a robot to play such a wind instrument? The Mixed Signal’s MIDI-controlled system could be used for just that.

          The project is comprised of a 3D-printed fipple and piston that go into a PVC tube, while air input is via a centrifugal blower fan. A plunger with a rack-and-pinion gear are used to move the piston back and forth, changing the note being played.

    • Free, Libre, and Open Source Software

      • Productivity Software/LibreOffice/Calligra

        • Bright side of LibreOffice

          LibreOffice has a very useful sidebar so it’s time to make them shiny even more. I made an proposal for an sidebar upgrade.

        • Physics Based Animation Effects Week#12

          Past week, all of the changes in my private experimental branch got merged to master \o/.

          Since it is the last week of GSoC, I will be finalizing the project this week by creating some animation effect presets, documenting the code, fixing bugs and preparing a work product submission.

        • LibreOffice GSoC Week 12 Report

          Hello, I want to share with you the progress of this week. Last Week: Sort functions are done.Patch Rating images are implemented to UI, rating will be shown from the UI. Patch Install function is implemented. Path Documentation will be done today, or tomorrow at the latest Thanks to my mentors, Muhammet Kara and Heiko Tietze, and LibreOffice community.

        • Exploring LibreOffice 7.0

          The Document Foundation (TDF) has announced the release of LibreOffice 7.0. This major release is a significant upgrade from version 6.4.6, focusing on interoperability with Microsoft Office, general performance, and support for OpenDocument Format (ODF) version 1.3. A complete list of new features and bug fixes can be found in the release notes.

          When talking about the latest LibreOffice release, one must also talk about ODF, the default format for LibreOffice documents. ODF version 1.3, which was approved as an OASIS Committee specification back in December 2019, offers several improvements to the format that LibreOffice can now take advantage of. For the security concerned, document encryption using OpenPGP (PGP) is a welcome addition. Further, while LibreOffice has supported digital signatures in past releases via SSL/TLS certificates, PGP keys can now be used to sign documents in LibreOffice 7.0.

      • FSF

        • FSFE

          • European Consultation +++ 100 days in Munich +++ Open Science Coordinator

            The FSFE has published a first feedback to the European Commission's public consultation regarding the update of the "Intellectual Property (IP)" regulatory system. In this feedback, the FSFE expresses to the Commission our understanding that the term "intellectual property" is ideologically charged and dangerously oblivious to the significant differences that exist between the many areas of law that it tries to subsume. In addition, the effect of patent law, copyright and other related areas is to create temporary monopolies that exercise private power over other people. Monopolistic market actors can often benefit from such a structure, at the expense of healthy competition and other benefits for the commons.

            In contrast, Free Software regulatory and management models around the world have shown in the past 40 years that allowing the broadest amount of knowledge to be shared in society is a sustainable and more equitable regime to foster societal progress and wealth. The FSFE therefore urges the Commission to use this opportunity to question the outdated notion that expanding monopolies over knowledge would lead to more progress. The Free Software model represents one of the best examples the Commission can take to deepen its understanding on how new models based on knowledge sharing are fundamental for a more innovative, fair, and socially just society.

        • GNU Projects

          • Voxel plotting with gnuplot 5.4

            In this followup to our coverage of the release of gnuplot 5.4, we look more deeply at one of the new features: voxel plots. We only briefly touched on these plots in that article, but they are the most conspicuous addition in this release of the free-software graphing tool. Voxel plotting provides multiple ways to visualize 3D data, so it is worth looking at this new plot type in more detail.

            [...]

            The first six lines of the script set the ranges of the display bounding box, the angle of view, the position of the bottom plane, and set the borders to surround the box on all sides. The next line, beginning with $charges, defines a "data block" consisting of the following two lines. Each line contains x, y, z, coordinates and, in the fourth column, the magnitude of the charge. The final command, broken over two lines, plots the two charges using their positions, extracted with the using 1:2:3 piece, and the charge value from the fourth column, extracted with the :4. This value is used to decide which colors the plotted points should be, by mapping the value onto the color palette, which is what the "linecolor palette" tells gnuplot to do. The other clauses set the pointsize to be five character widths and the pointtype to a circle (7).

            Next, we will make a graph of the 3D structure of the potential field around these two charges. For this, we turn to the voxel grid. Just as a 2D image, such as a photograph, is a rectangular array of pixels, data in 3D can be represented as a 3D rectangular array of voxels, or volume pixels. Each voxel has x, y, and z coordinates, and a numerical value attached to it, so the voxel grid can represent a function of three variables, f(x, y, z). Note that this is completely new in gnuplot 5.4; previously, 3D plotting was confined to the plotting of surfaces or other representations of functions of two variables

      • Programming/Development

        • Meeting C++ 2020

          The Schedule, Talks and Speakers are now online for this ever growing ‘partly virtual ‘event for the European C++ community. KDAB is proud to be a sponsor again this year.

          This year’s online conference features eleven talks in one track. On November 14th you can see a talk from KDAB’s Marc Mutz: Partially-Formed Objects For Fun And Profit.

        • Dirk Eddelbuettel: #29: Easy, Reliable, Fast Linux CRAN Binaries via BSPM

          Welcome to the 29th post in the randomly repeating R recommendations series or R4 for short. Our last post #28 introduced RSPM, and just before that we also talked in #27 about binary installations on Ubuntu (which was also a T4 video). This post is joined with Iñaki Ucar and mainly about work we have done with his bspm package.

        • SwiftIO Arm Cortex-M7 MCU Board Targets Apple Swift Programming Language

          Swift programming language has been developed by Apple for iOS, iPadOS, macOS, watchOS, tvOS, and Linux. The programming language works with Apple’s Cocoa and Cocoa Touch frameworks, as well as existing Objective-C code written for Apple products.

          MadMachine has now created an Arm Cortex-M7 development board, named SwiftIO, specifically designed for Swift programming language through MadMachine IDE and SwiftIO framework.

        • The Three Characteristics of Fast Growing Programming Languages [Ed: Microsoft-funded 'analyst' boost Microsoft-controlled language, probably based on rankings limits to Microsoft-controlled GitHub]

          The justifications for creating a new programming language vary. If you’re a computer scientist like Mary Hawes or Grace Hopper, your concern is economics: the cost of programming generally, and for porting applications to new hardware platforms specifically. If you’re Dennis Ritchie or Ken Thompson, your issue is that the prior letter of the alphabet is too slow. Or if you’re Rasmus Lerdorf, you want something simpler to maintain your homepage so you write a surprisingly cromulent language that still powers wide swaths of the public internet.

          The intent, in turn, informs the execution. COBOL is human readable, C is fast and PHP is, or at least was, simple.

          None of which guarantees anything. As engineers need to be reminded regularly, not only doesn’t the best technology win in every case, it doesn’t win in most cases. The quality of the technical implementation is but one among many factors in the adoption – or lackthereof – of a given piece of technology.

        • Searching code with Sourcegraph

          Sourcegraph is a tool for searching and navigating around large code bases. The tool has various search methods, including regular-expression search, and "structural search", which is a relatively new technique that is language-aware. The open-source core of the tool comes with code search, go-to-definition and other "code intelligence" features, which provide ways for developers to make sense of multi-repository code bases. Sourcegraph's code-searching tools can show documentation for functions and methods on mouse hover and allow developers to quickly jump to definitions or to find all references to a particular identifier.

          The Sourcegraph server is mostly written in Go, with the core released under the Apache License 2.0; various "enterprise" extensions are available under a proprietary license. The company behind Sourcegraph releases a new version of the tool every month, with the latest release (3.18) improving C++ support and the 3.17 release featuring faster and more accurate code search as well as support for AND and OR search operators.

        • PHP Debugging using Xdebug

          While PHP does not come with a full toolkit for debugging and profiling, an open-source project has existed almost as long as PHP to provide both: Xdebug. Created and maintained by PHP core developer Derick Rethans, it offers remote debugging, stack traces, profiling, and more. It is a project that anyone doing PHP development would benefit from using.

        • Python

          • Administer All The Things

            In the previous Understand Django article, we used models to see how Django stores data in a relational database. We covered all the tools to bring your data to life in your application. In this article, we will focus on the built-in tools that Django provides to help us manage that data.

          • Blackberry Released an Anti-Malware Tool Written in Python

            In case you missed it earlier this month, Blackberry released a tool of theirs that they use for reverse engineering malware. That tool is called PE Tree and is open-source and written in Python.

            Blackberry used the popular PyQt5 GUI toolkit to write that displays a tree view of portable executables, which makes it easier dump and reconstruct malware that is in memory.

          • Jupyter: JUlia PYThon and R

            Did you know that @projectJupyter's Jupyter Notebook (and JupyterLab) name came from combining 3 programming languages: JUlia, PYThon and R.

            Readers of my blog do not need an introduction to Python. But what about the other 2?

            Today we will talk about R. Actually, R and Python, on the Raspberry Pi.

          • Top 5 Python Courses You can Join today for FREE

            Hello folks, If you are a beginner looking for some Free Python resources to start your programming journey then you have come to the right place.

            Earlier, I have shared a couple of free Python Programming eBooks sand today I'll share a couple of good Python programming courses which are absolutely FREE!! You can take these online courses to learn Python at your own pace, at your own time, and at your place.

          • Common Python Data Structures (Guide)

            Data structures are the fundamental constructs around which you build your programs. Each data structure provides a particular way of organizing data so it can be accessed efficiently, depending on your use case. Python ships with an extensive set of data structures in its standard library.

            However, Python’s naming convention doesn’t provide the same level of clarity that you’ll find in other languages. In Java, a list isn’t just a list—it’s either a LinkedList or an ArrayList. Not so in Python. Even experienced Python developers sometimes wonder whether the built-in list type is implemented as a linked list or a dynamic array.

        • Shell/Bash/Zsh/Ksh

        • Rust

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Security

          • Kernel ASI Still Being Worked On For Protecting Against Hyper Threading Data Leaks

            At this week's Linux Plumbers Conference there were DigitalOcean engineers providing an update on their CoreScheduling work in the era of vulnerabilities affecting Hyper Threading. Oracle meanwhile presented today at LPC2020 on their Kernel Address Space Isolation (ASI) functionality for dealing with Hyper Threading data leakage in a different manner, but the performance costs are still being evaluated.

            Oracle engineers for more than one year have been working on Kernel ASI to prevent data leakage when Hyper Threading is vulnerable from the likes of L1 Terminal Fault (L1TF) on Intel CPUs. Where as DigitalOcean's work on core scheduling is about ensuring only trusted applications are on sibling threads of a core, ASI is about isolating the address space between different areas of the kernel to prevent leaking bits as a result of attacks like L1TF or Foreshadow.

          • What is a Zero-Day Exploit?

            A Zero-day exploit is the crown prize of hackers. A Zero-day exploit is where an attacker finds a vulnerability on a system that the vendor’s and the public’s not aware of. There is no patch and no system to protect against it except removing that service of the system. It’s called zero-day because there are zero days for software developers to patch the flaw, and nobody knows about this exploit that it is very dangerous.

            For developing zero-day, there are two options either you develop your own or capture zero-day developed by others. Developing zero-day on your own can be a monotonous and long process. It requires great knowledge. It can take a lot of time. On the other hand, zero-day can be captured developed by others and can be reused. Many hackers use this approach. In this program, we set up a honeypot that appears as unsafe. Then we wait for the attackers to get attracted to it, and then their malware is captured when they broke into our system. A hacker can use the malware again in any other system, so the basic goal is to capture the malware first.

          • Kali Linux NetCat Persistent Agents

            Netcat is a network utility that can read and write to both UDP and TCP ports. It’s often referred to as the Swiss Army knife of hacking tools because it can do several things as both a client and a server during hacking adventures. We will often use it to create bind and reverse shells hood around reports to see what’s happening and send files between machines. Shell is a way that you can interact with a computer like a command prompt on Windows or terminal in Linux. Netcat allows us to perform a lot of things like reverse shelves, to communicate between two or more computers, and will enable you to perform a plethora of functions. Netcat is able to Port Scan and connect to open ports using it’s simple command arguments. It is also capable of sending files and providing remote administration either through a direct or reverse shell.

          • Unicornscan: A beginner’s guide

            Port scanning is one of the most popular tactics in use by blackhat hackers. Consequently, it is also frequently used in Ethical hacking to check systems for vulnerabilities. Several tools facilitate portscanning, nmap, NetCat, Zenmap, being a notable few.

            But today, we’ll talk about another great port scanner: Unicornscan, and how to use it in your next attempt at portscanning. Like other popular tools for portscanning such as nmap, it has several great features that are unique to itself. One such feature is that it can send out packets and receive them through two different threads, unlike other portscanners.

            Known for its asynchronous TCP and UDP scanning capabilities, Unicornscan enables its users to discover details on network systems through alternative scanning protocols.

    • Monopolies

      • Patents

        • Unified Consulting 5G study finds significant submarine patents

          Unified Consulting (UC), a sister company to Unified Patents, recently completed a study on 5G and identified using the 5G OPAL (Objective PAtent Landscape) tool which evaluated over 1,000,000 patents for essentiality based on participation and almost 100,000 self-declared patents. It is based on the OPEN 3GPP (Standard Submission Repository) with over 200,000 3GPP / 5G contributions and a methodology using an AI based semantic similarity algorithm.

          The study found a significant number of UNDECLARED patents are likely essential for 5G. They include well known companies such as Comcast, China Mobile, Coolpad, Acer, and many others. UC calls these submarine patents since FRAND may not apply to them based on some current court decisions. A table of some of these can be found in the chart below.



Recent Techrights' Posts

"Security Advantages" Explained by a Scammy "Security" Site That Uses LLMs to Spew Out Garbage
destroying the Web by saturating it with "bullshit".
Over at Tux Machines...
GNU/Linux news for the past day
 
Links 12/10/2024: More Site Blocking, China's Hostility, and Evan Gershkovich's Upcoming Book
Links for the day
Links 12/10/2024: Boeing to Cut 17,000 Jobs, Medieval Sleeping Habits, Warning About Liquidweb
Links for the day
Links 12/10/2024: Health, Safety and Climate Concerns
Links for the day
Gemini Links 12/10/2024: Ensemble and Assembler
Links for the day
Links 12/10/2024: TikTok Layoffs and Risk of More Wars
Links for the day
IRC Proceedings: Friday, October 11, 2024
IRC logs for Friday, October 11, 2024
Gemini Links 11/10/2024: Against Cynicism, on Atheism, and Dropping Off The Internet
Links for the day
IBM Employees Smell Another Wave of Mass Layoffs (and Explain the Signs)
IBM currently has the policy of hiding the layoffs from shareholders and from the press using NDAs
Links 11/10/2024: Lots More Censorship and Growing Concerns About Health Impact of Social Control Media
Links for the day
Going Almost 4.5 Decades Back to Find 'Dirt' on a Person
That incident was 42.5 years ago. Is that how far some people would go in an effort to discredit a person?
XBox is Dead. This is Just the Beginning.
the main reason Microsoft bought Activision/Blizzard was to hide the growing losses and failure of XBox
The Risk to the "Linux" Brand
Brands that are not guarded from misuse/abuse will inevitably lose their original meaning and their value
Gemini Links 11/10/2024: Deploying Common Lisp Programs and Examining FreeBSD
Links for the day
Links 11/10/2024: Discord Still Blocked in Turkey, Google Might be Split
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 10, 2024
IRC logs for Thursday, October 10, 2024
LinuxSecurity (Guardian Digital, Inc) Sloppy With Its 'Linux' Slop
This kind of stuff is killing the World Wide Web and ruins human knowledge
[Meme] Chin-dropping and Jaw-dropping (Considerable Drop in Patent Validity and Quality)
This drop is very much intentional
Gemini Links 10/10/2024: Untruth, SSH, Gopher, and More
Links for the day
Geminispace Beyond 4,100 Capsules
4,000 was less than 8 weeks ago
Links 10/10/2024: TikTok's Legal Problems, WeblogPoMo Challenges
Links for the day
[Meme] European Patent Convention and Vienna Convention Became Only Fictions (Laws and Constitutions Are Now Works of Fiction in Europe)
A political crisis and blunder
Almost a Thousand EPO Staff Protesting to EPO Member States That the Office Illegally Grants Software Patents and Other Invalid European Patents
"The outcome confirms that the concerns about the EPO’s ability to grant legally sound patents remain"
Loss of Technical Merit(ocracy)
"buzzword diplomas"
Junk Science
science is being compromised for business purposes
[Meme] Dismantling .io (Stick a Fork, the Hype is Done)
NVIDIA is an excellent new example of hype driving up fictional "value"
UNIX is 55 This Year, It is 6 Years Older Than Microsoft
It should be noted that the surviving co-creator of UNIX, Ken Thompson, 'moved' to GNU/Linux (Debian) in recent years
This Year, for the First Time Since August 2019 (Bill Gates MIT Scandal, Jeffrey Epstein Bribes), libreplanet-discuss Was Inactive an Entire Month
The MIT injustice remains and recent "libreplanet" events were held in a venue that's not MIT and far less prestigious than MIT (the "Wentworth" imitation)
[Meme] Different Ending for Jurassic Park
UNIX in old movies
Evolution of Hype
Passing fads and rebranding
Groklaw Will Hopefully Come Back
Sites should be able to run for decades with hardly any human role/interaction, but that's not where we are...
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 09, 2024
IRC logs for Wednesday, October 09, 2024